michrd

Member
  • Items

    31

Everything posted by michrd

  1. Here is the HijackThis log from my laptop. Last week I did have problems transferring money via internet banking, which is why I am sending this HijackThis log along as well.
  2. Hello, we have received a letter from Ziggo (the internet provider) reporting that 1 of the 5 PCs on the IP address has the Trojan horse TORPIG (Torpig, also known as Sinowal or Anserin). The only thing the provider says is to search in a search engine; there I found that it also has to do with the (Rabo)Bank. If we have not removed the virus within 5 days, internet access will be blocked. Do you perhaps know of a tool or program with which this specific Trojan horse can be removed? Since there are 5 different PCs running, I am not sure whether the HijackThis log of the PC I am using now will help; I will send it along in any case. Kind regards, Mich
  3. OK, I will do that then; then I know for sure that everything is clean and the errors are gone. Thank you very much for your cooperation and your time. Greetings from Mich, and once again praise for the forum. I will mark my topic as solved.
  4. I have a question, and maybe a possible solution? In the meantime I have installed a new Windows version (XP Pro) on another hard disk. Can/may I attach this hard disk (the one I am running on now, which cannot get into safe mode) as a slave, back up all the software I want to keep, and then, once everything is off it, format the disk and put Windows on it again?
  5. No, by toggling F8 I do get to the startup part of safe mode, but it restarts before safe mode can finish starting up. - - - Updated - - - I started my PC again and tried to get into safe mode, but while it is busy with the multidisk (starting up safe mode) it restarts the PC all over again.
  6. Here are my logs. - - - Updated - - - PS: after the latest logs I tried to restart the PC in safe mode; that still does not work, it restarts before I get into safe mode. Otherwise everything "seems" to be working well again. Greetings, Mich
  7. Hello, good morning. I scanned for adware; it found nothing and also did not start up. Also, yesterday I was able to repair my AVG 2013 (it was set to inactive again). Here come the logs.
Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-725345543-1801674531-1920980409-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287579073281 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Active File 
Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MySQL55 - Unknown owner - C:\Program.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 7595 bytes - - - Updated - - - Even after restarting the PC I get no prompt from AdwCleaner to remove anything.
  8. Here is my MBAM log: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Databaseversie: v2012.11.21.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 mich :: HOME-593292D6C1 [administrator] 21-11-2012 15:28:30 mbam-log-2012-11-21 (15-28-30).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 221687 Verstreken tijd: 8 minuut/minuten, 2 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Here is my Hijack log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:39:47, on 21-11-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Adobe\Photoshop Elements 
6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program 
Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-725345543-1801674531-1920980409-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - 
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287579073281 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MySQL55 - Unknown owner - C:\Program.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. 
- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 7174 bytes The only thing I can't get rid of is entry no. 24 ... I have had it scanned and fixed several times: O24 - Desktop Component AutorunsDisabled: (no name) - (no file) I am now restarting my PC to check whether I can get into safe mode ... Kind regards, Mich - - - Updated - - - Mmmhh, I still can't get into safe mode, but with a normal boot the Ukash virus does stay away.
  9. The AVG Rescue CD did remove a few things ... but after booting I still can't get into safe mode. After that I ran Kaspersky Rescue once more and let it scan as well ... I still can't get into safe mode, but the Ukash virus is gone ... and I was able to make a Hijack log: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - 
HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-725345543-1801674531-1920980409-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287579073281 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - 
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MySQL55 - Unknown owner - C:\Program.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 7107 bytes
  10. I can't get into safe mode ... not in any way ... not with networking, not with command prompt, not with anything ... as soon as it starts booting into safe mode, the PC resets and starts up again.
  11. Hello Kape, I ran Kaspersky and rebooted ... the Ukash virus still starts up and I still can't boot into safe mode either :-( When shutting down Kaspersky I get an error message printed in red twice: Failed because we are using /run. The rest of Kaspersky's messages are green. Now, after booting again, it is running CHKDSK by itself. I will wait for this and see what happens. - - - Updated - - - After chkdsk I still can't get into safe mode, and Ukash comes back as soon as I boot normally.
  12. I am running XP Home SP3.
  13. Hi, this morning I found out that my AVG scanner was inactive again, and shortly afterwards I had the Ukash virus. I tried to start my PC in safe mode, but that didn't work, not even without networking, so I can't make a HiJack log. What can I do to remove the virus ... - - - Updated - - - On my laptop AVG is running just fine, it is updating now, and on my desktop everything was inactive again.
  14. Super!!!! Thank you very much, Kape, for your help. Much praise for you and the help forum: you are great. I have removed and cleaned everything. I wish you all a very nice Sunday. Kind regards, Mich
  15. Hi Kape, good day. It is running well again, and booting quickly again too. I am very happy. The only thing is that message about: LogiTray.exe MFC71.DLL, but I think that belongs to a Logitech webcam, so I will (un)install that again ... Should I also still run CCleaner, or do you not see any errors now? Thank you very much, have a good weekend, and just let me know when I can mark this as solved.
  16. ComboFix 12-11-13.03 - mich 16-11-2012 19:45:05.5.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3071.2424 [GMT 1:00] Gestart vanuit: c:\documents and settings\mich\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\mich\Bureaublad\CFScript.txt AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . FILE :: "c:\windows\system32\drivers\iq5c.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\mich\Application Data\AVG2013 c:\documents and settings\mich\Application Data\AVG2013\cfgall\userawacs.cfg c:\documents and settings\mich\Application Data\AVG2013\cfgall\usergui.cfg c:\documents and settings\mich\Application Data\AVG2013\cfgall\userguistate.cfg c:\windows\system32\config\systemprofile\Application Data\AVG2013 c:\windows\system32\config\systemprofile\Application Data\AVG2013\cfgall\outlook.cfg c:\windows\system32\config\systemprofile\Application Data\AVG2013\cfgall\userawacs.cfg c:\windows\system32\config\systemprofile\Application Data\AVG2013\cfgall\usergui.cfg c:\windows\system32\config\systemprofile\Application Data\AVG2013\cfgall\userguistate.cfg . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_IQ5C.SYS -------\Service_iq5c.sys . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))) . . 2012-11-16 19:01 . 2012-11-16 19:01 -------- d-----w- c:\documents and settings\mich\Application Data\AVG2013 2012-11-16 13:46 . 2012-11-16 13:46 1060864 ----a-w- c:\windows\system32\MFC71.dll 2012-11-16 13:36 . 2012-11-16 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData 2012-11-16 10:17 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys 2012-11-16 10:15 . 
2012-11-16 10:15 -------- d-----w- c:\program files\AVG 2012-11-15 15:58 . 2012-11-16 18:42 -------- d--h--r- c:\documents and settings\mich\Onlangs geopend 2012-11-15 03:28 . 2012-11-15 03:28 -------- d-----w- c:\documents and settings\mich\Application Data\TuneUp Software 2012-11-06 16:36 . 2012-11-06 16:36 -------- d-----w- c:\documents and settings\mich\Local Settings\Application Data\WMTools Downloaded Files 2012-11-06 11:22 . 2012-11-06 11:22 -------- d-----w- c:\program files\Voxengo 2012-11-06 11:12 . 2012-11-06 13:25 -------- d-----w- c:\documents and settings\mich\Application Data\Audacity 2012-11-06 11:12 . 2012-11-06 11:12 -------- d-----w- c:\program files\Audacity 2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-22 19:57 . 2008-04-15 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys 2012-10-15 02:48 . 2012-10-15 02:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-10-05 02:32 . 2012-10-05 02:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2012-10-02 18:04 . 2008-04-15 12:00 58368 ----a-w- c:\windows\system32\synceng.dll 2012-10-02 02:30 . 2012-10-02 02:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-09-29 18:54 . 2012-07-22 06:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-21 02:46 . 2012-09-21 02:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-09-21 02:45 . 2012-09-21 02:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2012-09-14 02:05 . 2012-09-14 02:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2012-08-28 15:17 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:17 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:17 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 
2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2008-04-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 06:27 . 2008-04-15 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-23 06:27 . 2008-04-14 22:11 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-04-15 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys [-] 2008-04-15 12:00 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys [7] 2008-04-15 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys [7] 2008-04-15 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program 
files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys] @="" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\SecondLifeViewer2\\slplugin.exe"= "c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"= "c:\\Program Files\\FinalTorrent\\FTCheckForUpdates.exe"= "c:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"= "c:\\Program Files\\SecondLifeViewer\\SLVoice.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Documents and Settings\\mich\\Bureaublad\\programma,s\\opensim-0.7.2-bin\\opensim-0.7.2-bin\\bin\\OpenSim.32BitLaunch.exe"= "c:\\Documents and Settings\\mich\\Bureaublad\\programma,s\\opensim-0.7.2-bin\\opensim-0.7.2-bin\\bin\\OpenSim.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Firestorm-Release\\SLVoice.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Documents and Settings\\mich\\Application Data\\Dropbox\\bin\\Dropbox.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3306:TCP"= 3306:TCP:MySQL55 "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . 
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [13-12-2011 11:45 98304] R2 MySQL55;MySQL55;"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="c:\documents and settings\All Users\Application Data\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> c:\program files\MySQL\MySQL Server 5.5\bin\mysqld [?] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [20-10-2010 15:16 33792] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [13-12-2011 11:45 3735552] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14-1-2008 11:06 21632] R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?] R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] S4 cpuz134;cpuz134;\??\c:\docume~1\mich\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\mich\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2012-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2012-11-16 c:\windows\Tasks\FinalTorrent Update Checker.job - c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-10-15 13:24] . 2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 14:13] . 2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 14:13] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.bing.nl/ mStart Page = hxxp://www.bing.com/ TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-11-16 20:03 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL55] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\documents and settings\All Users\Application Data\MySQL\MySQL Server 5.5\my.ini\" MySQL55" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-725345543-1801674531-1920980409-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6510B3E4-6EE6-A205-C777-56C343079B5B}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "ialpigngifofabcodc"=hex:6b,61,68,70,6c,63,64,62,6f,66,6b,6f,65,67,6a,63,67,64, 69,63,6c,66,00,02 "hanpkefgmpclnbjj"=hex:6b,61,63,70,68,63,6a,6e,63,6b,6a,6f,6c,6e,70,65,6b,6e, 68,62,6f,6e,00,02 "iahnafbkinmlepkboj"=hex:63,61,67,70,6d,66,00,7c "dbfpecamgachgadgmgocacdgkcgnfedpmipgiagm"=hex:68,61,6b,6e,66,63,6c,68,62,68, 62,70,67,6c,6e,6f,00,00 "jbfpecamgachgadgmgocncbeiinlljcmbhlmkohmjnokafommegi"=hex:68,61,6b,6e,66,63, 6c,68,62,68,62,70,67,6c,6e,6f,00,00 "dbfpecamgachgadgmgocddggffiaknhhjamnonbb"=hex:68,66,6e,62,66,63,69,61,6b,62, 61,62,6e,6f,6c,63,64,63,70,6d,69,62,62,61,66,6f,70,67,6d,6a,69,66,69,70,6a,\ "dbfphhpeklgjehagjlamnpcigofpmigfpcjeione"=hex:68,61,6b,6e,66,63,6c,68,62,68, 62,70,67,6c,6e,6f,00,00 "jbfphhpeklgjehagjlammaocaaggmnfkccholpeccoekhgghmmjd"=hex:68,61,6b,6e,66,63, 6c,68,62,68,62,70,67,6c,6e,6f,00,00 "dbfphhpeklgjehagjlamgapgemcfplkfachagcap"=hex:62,61,6e,62,00,00 "dbfpfhbphpodkknhkhiafeccoijhccnjkmnnhkae"=hex:68,61,6b,6e,66,63,6c,68,62,68, 62,70,67,6c,6e,6f,00,00 
"jbfpfhbphpodkknhkhiaedbagnpnpmmhbmlhidmekkobjchifbpg"=hex:68,61,6b,6e,66,63, 6c,68,62,68,62,70,67,6c,6e,6f,00,00 "dbfpfhbphpodkknhkhiacdjemnldpmonfkbaamgd"=hex:62,62,6e,62,66,63,69,61,6b,62, 61,62,6e,6f,6c,63,64,63,70,6d,69,62,62,61,66,6f,70,67,6d,6a,69,66,69,70,6a,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(2832) c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll c:\windows\system32\webcheck.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\SOUNDMAN.EXE c:\windows\system32\RunDLL32.exe c:\program files\HP\hpcoretech\comp\hptskmgr.exe c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\MySQL\MySQL Server 5.5\bin\mysqld.exe c:\windows\system32\nvsvc32.exe c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\windows\system32\wdfmgr.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . ************************************************************************** . Voltooingstijd: 2012-11-16 20:05:37 - machine werd herstart ComboFix-quarantined-files.txt 2012-11-16 19:05 ComboFix2.txt 2012-11-16 16:59 ComboFix3.txt 2012-11-16 07:05 ComboFix4.txt 2012-11-15 17:41 ComboFix5.txt 2012-11-16 18:44 . Pre-Run: 39.895.932.928 bytes beschikbaar Post-Run: 39.893.340.160 bytes beschikbaar . - - End Of File - - EA3512F44E2DCF244BD8C5FB4E08193D
  17. Hi KApe ... in the meantime I was able to download/update my AVG 2013 again and run a scan; I will send that log along as well.
ComboFix 12-11-13.03 - mich 16-11-2012 17:38:03.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3071.2425 [GMT 1:00] Gestart vanuit: c:\documents and settings\mich\Bureaublad\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_xcpip -------\Service_xpsec . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))) . . 2012-11-16 13:46 . 2012-11-16 13:46 1060864 ----a-w- c:\windows\system32\MFC71.dll 2012-11-16 13:36 . 2012-11-16 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData 2012-11-16 10:17 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys 2012-11-16 10:15 . 2012-11-16 10:15 -------- d-----w- c:\program files\AVG 2012-11-15 15:58 . 2012-11-16 14:06 -------- d--h--r- c:\documents and settings\mich\Onlangs geopend 2012-11-15 06:52 . 2012-11-15 06:52 -------- d-----w- c:\documents and settings\mich\Application Data\AVG2013 2012-11-15 03:28 . 2012-11-15 03:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013 2012-11-15 03:28 . 2012-11-15 03:28 -------- d-----w- c:\documents and settings\mich\Application Data\TuneUp Software 2012-11-06 16:36 . 2012-11-06 16:36 -------- d-----w- c:\documents and settings\mich\Local Settings\Application Data\WMTools Downloaded Files 2012-11-06 11:22 . 2012-11-06 11:22 -------- d-----w- c:\program files\Voxengo 2012-11-06 11:12 . 2012-11-06 13:25 -------- d-----w- c:\documents and settings\mich\Application Data\Audacity 2012-11-06 11:12 . 
2012-11-06 11:12 -------- d-----w- c:\program files\Audacity 2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-22 19:57 . 2008-04-15 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys 2012-10-15 02:48 . 2012-10-15 02:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-10-05 02:32 . 2012-10-05 02:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2012-10-02 18:04 . 2008-04-15 12:00 58368 ----a-w- c:\windows\system32\synceng.dll 2012-10-02 02:30 . 2012-10-02 02:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-09-29 18:54 . 2012-07-22 06:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-21 02:46 . 2012-09-21 02:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-09-21 02:45 . 2012-09-21 02:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2012-09-14 02:05 . 2012-09-14 02:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2012-08-28 15:17 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:17 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:17 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2008-04-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 06:27 . 2008-04-15 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-23 06:27 . 2008-04-14 22:11 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-04-15 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys [-] 2008-04-15 12:00 . 20B52A4224B23B0DE4A9017A04D5DB94 . 96512 . . [------] . . 
c:\windows\system32\drivers\atapi.sys [7] 2008-04-15 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys [7] 2008-04-15 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys] @="" . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\SecondLifeViewer2\\slplugin.exe"= "c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"= "c:\\Program Files\\FinalTorrent\\FTCheckForUpdates.exe"= "c:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"= "c:\\Program Files\\SecondLifeViewer\\SLVoice.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Documents and Settings\\mich\\Bureaublad\\programma,s\\opensim-0.7.2-bin\\opensim-0.7.2-bin\\bin\\OpenSim.32BitLaunch.exe"= "c:\\Documents and Settings\\mich\\Bureaublad\\programma,s\\opensim-0.7.2-bin\\opensim-0.7.2-bin\\bin\\OpenSim.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Firestorm-Release\\SLVoice.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Documents and Settings\\mich\\Application Data\\Dropbox\\bin\\Dropbox.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3306:TCP"= 3306:TCP:MySQL55 "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [13-12-2011 11:45 98304] R2 MySQL55;MySQL55;"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="c:\documents and settings\All Users\Application Data\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> c:\program files\MySQL\MySQL Server 5.5\bin\mysqld [?] 
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [20-10-2010 15:16 33792] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [13-12-2011 11:45 3735552] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14-1-2008 11:06 21632] S3 iq5c.sys;iq5c.sys;\??\c:\windows\system32\drivers\iq5c.sys --> c:\windows\system32\drivers\iq5c.sys [?] S4 cpuz134;cpuz134;\??\c:\docume~1\mich\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\mich\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - xcpip *Deregistered* - xpsec . Inhoud van de 'Gedeelde Taken' map . 2012-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2012-11-16 c:\windows\Tasks\FinalTorrent Update Checker.job - c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-10-15 13:24] . 2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 14:13] . 2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 14:13] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.bing.nl/ mStart Page = hxxp://www.bing.com/ TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-11-16 17:57 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL55] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\documents and settings\All Users\Application Data\MySQL\MySQL Server 5.5\my.ini\" MySQL55" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-725345543-1801674531-1920980409-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6510B3E4-6EE6-A205-C777-56C343079B5B}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "ialpigngifofabcodc"=hex:6b,61,68,70,6c,63,64,62,6f,66,6b,6f,65,67,6a,63,67,64, 69,63,6c,66,00,02 "hanpkefgmpclnbjj"=hex:6b,61,63,70,68,63,6a,6e,63,6b,6a,6f,6c,6e,70,65,6b,6e, 68,62,6f,6e,00,02 "iahnafbkinmlepkboj"=hex:63,61,67,70,6d,66,00,7c "dbfpecamgachgadgmgocacdgkcgnfedpmipgiagm"=hex:68,61,6b,6e,66,63,6c,68,62,68, 62,70,67,6c,6e,6f,00,00 "jbfpecamgachgadgmgocncbeiinlljcmbhlmkohmjnokafommegi"=hex:68,61,6b,6e,66,63, 6c,68,62,68,62,70,67,6c,6e,6f,00,00 "dbfpecamgachgadgmgocddggffiaknhhjamnonbb"=hex:68,66,6e,62,66,63,69,61,6b,62, 61,62,6e,6f,6c,63,64,63,70,6d,69,62,62,61,66,6f,70,67,6d,6a,69,66,69,70,6a,\ "dbfphhpeklgjehagjlamnpcigofpmigfpcjeione"=hex:68,61,6b,6e,66,63,6c,68,62,68, 62,70,67,6c,6e,6f,00,00 "jbfphhpeklgjehagjlammaocaaggmnfkccholpeccoekhgghmmjd"=hex:68,61,6b,6e,66,63, 6c,68,62,68,62,70,67,6c,6e,6f,00,00 "dbfphhpeklgjehagjlamgapgemcfplkfachagcap"=hex:62,61,6e,62,00,00 "dbfpfhbphpodkknhkhiafeccoijhccnjkmnnhkae"=hex:68,61,6b,6e,66,63,6c,68,62,68, 62,70,67,6c,6e,6f,00,00 "jbfpfhbphpodkknhkhiaedbagnpnpmmhbmlhidmekkobjchifbpg"=hex:68,61,6b,6e,66,63, 6c,68,62,68,62,70,67,6c,6e,6f,00,00 "dbfpfhbphpodkknhkhiacdjemnldpmonfkbaamgd"=hex:62,62,6e,62,66,63,69,61,6b,62, 61,62,6e,6f,6c,63,64,63,70,6d,69,62,62,61,66,6f,70,67,6d,6a,69,66,69,70,6a,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . 
- - - - - - - > 'explorer.exe'(132) c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll c:\windows\system32\webcheck.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\SOUNDMAN.EXE c:\windows\system32\RunDLL32.exe c:\program files\HP\hpcoretech\comp\hptskmgr.exe c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\MySQL\MySQL Server 5.5\bin\mysqld.exe c:\windows\system32\nvsvc32.exe c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\windows\system32\wdfmgr.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . ************************************************************************** . Voltooingstijd: 2012-11-16 17:59:11 - machine werd herstart ComboFix-quarantined-files.txt 2012-11-16 16:58 ComboFix2.txt 2012-11-16 07:05 ComboFix3.txt 2012-11-15 17:41 ComboFix4.txt 2011-08-30 18:03 . Pre-Run: 38.863.171.584 bytes beschikbaar Post-Run: 39.901.212.672 bytes beschikbaar . 
- - End Of File - - 07F02905E22EFEA17FC5B7C4CA69A8B1 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:00:31, on 16-11-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\AVG\AVG2013\avgui.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: 
Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKUS\S-1-5-21-725345543-1801674531-1920980409-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287579073281 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MySQL55 - Unknown owner - C:\Program.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 6919 bytes "De hele computer scannen" "Hoge prioriteit";"37";"37";"0" "Doorsnee prioriteit";"2";"1";"1" "Berichten";"1";"0";"1" "Geselecteerde mappen voor scan:";"De hele computer scannen" "Gestart/voltooid:";"16-11-2012, 11:20:12 / 16-11-2012, 13:22:54" "Totaal gescande objecten:";"754902" "Gebruiker:";"mich" "Status";"Prioriteit";"Naam";"Beschrijving";"Resultaat" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\system32\LVCOMSX.EXE (156)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\system32\nvsvc32.exe (2856)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\system32\svchost.exe (1340)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe (2608)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\system32\svchost.exe (1416)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\system32\svchost.exe (1044)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (2028)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program 
Files\Logitech\Video\FxSvr2.exe (2060)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (324)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe (2120)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\explorer.exe (1496)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\system32\rundll32.exe (312)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\AVG\AVG2013\avgui.exe (3096)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\Internet Explorer\iexplore.exe (4456)";"Beveiligd" "Geïnfecteerd";"Gemiddeld";"Beschadigd uitvoerend bestand";"C:\WINDOWS\system32\drivers\atapi.sys";"Kan niet worden opgeschoond" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe (832)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.AUES";"C:\WINDOWS\system32\services.exe (720)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\AVG\AVG2013\avgwdsvc.exe (5436)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (2368)";"Beveiligd" "Geïnfecteerd";"Boodschap";"Runtime-gecomprimeerd fsg";"C:\Documents and Settings\mich\Bureaublad\muziek\cubase\-= Serial =-\Driver installer SX v3.0.2.623 ISO\drinstcubsx30.exe";"Geïnfecteerd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.AUET";"C:\WINDOWS\system32\winlogon.exe (676)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\system32\svchost.exe (2500)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\Internet Explorer\iexplore.exe (5692)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\system32\svchost.exe (1380)";"Beveiligd" "Hersteld";"Hoog";"Virus gevonden 
Win32/Cryptor";"C:\System Volume Information\_restore{88870431-183B-43B3-8D84-960D1202979F}\RP595\A0168677.exe";"Verplaatst naar de quarantaine" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\Logitech\Video\LogiTray.exe (192)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\Common Files\Java\Java Update\jusched.exe (240)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\system32\svchost.exe (1096)";"Beveiligd" "Hersteld";"Gemiddeld";"Registersleutel gevonden met verwijzing naar geïnfecteerd bestand C:\WINDOWS\system32\DRIVERS\atapi.sys";"HKLM\SYSTEM\CurrentControlSet\services\atapi";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\Internet Explorer\iexplore.exe (508)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2916)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (3944)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\system32\alg.exe (1184)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\AVG\AVG2013\avgidsagent.exe (4936)";"Beveiligd" "Hersteld";"Hoog";"Koppelingsbestand gevonden met verwijzing naar geïnfecteerd bestand C:\Documents and Settings\mich\Bureaublad\EICAR.COM.txt";"C:\System Volume Information\_restore{88870431-183B-43B3-8D84-960D1202979F}\RP601\A0169315.lnk";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\Internet Explorer\iexplore.exe (5820)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (144)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\system32\wdfmgr.exe (2756)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 
(820)";"Beveiligd" "Hersteld";"Hoog";"Trojaans paard PSW.Agent.ASJX";"C:\WINDOWS\system32\svchost.exe (1192)";"Beveiligd"
It is running a lot better again now. The only thing I still see at startup is that it cannot find: LogiTray.exe MFC71.DLL ... but when I click OK it just carries on running.
  18. I made a new log with ComboFix, but again it shows the little lines. I removed these by hand; I hope this is now easier for you to read.
ComboFix 12-11-13.03 - mich 16-11-2012 7:42.3.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3071.2456 [GMT 1:00] Gestart vanuit: c:\documents and settings\mich\Bureaublad\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . Andere Verwijderingen . . . Drivers/Services . . -------\Service_xcpip -------\Service_xpsec . . Bestanden Gemaakt van 2012-10-16 to 2012-11-16 . . 2012-11-15 15:58 . 2012-11-15 15:58 -------- d--h--r- c:\documents and settings\mich\Onlangs geopend 2012-11-15 06:52 . 2012-11-15 06:52 -------- d-----w- c:\documents and settings\mich\Application Data\AVG2013 2012-11-15 03:28 . 2012-11-15 03:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013 2012-11-15 03:28 . 2012-11-15 03:28 -------- d-----w- c:\documents and settings\mich\Application Data\TuneUp Software 2012-11-06 16:36 . 2012-11-06 16:36 -------- d-----w- c:\documents and settings\mich\Local Settings\Application Data\WMTools Downloaded Files 2012-11-06 11:22 . 2012-11-06 11:22 -------- d-----w- c:\program files\Voxengo 2012-11-06 11:12 . 2012-11-06 13:25 -------- d-----w- c:\documents and settings\mich\Application Data\Audacity 2012-11-06 11:12 . 2012-11-06 11:12 -------- d-----w- c:\program files\Audacity . . . Find3M Rapport . 2012-10-22 19:57 . 2008-04-15 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys 2012-10-02 18:04 . 2008-04-15 12:00 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-29 18:54 . 2012-07-22 06:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-21 02:46 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys 2012-08-28 15:17 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:17 .
2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:17 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2008-04-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 06:27 . 2008-04-15 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-23 06:27 . 2008-04-14 22:11 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe . . Sigcheck Note: Unsigned files aren't necessarily malware. . [7] 2008-04-15 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys [-] 2008-04-15 12:00 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys [7] 2008-04-15 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys [7] 2008-04-15 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys . Reg Opstartpunten . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] 
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664] Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys] @="" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Imprudence\\SLVoice.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\SecondLifeViewer2\\slplugin.exe"= "c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"= "c:\\Program Files\\FinalTorrent\\FTCheckForUpdates.exe"= "c:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"= "c:\\Program Files\\SecondLifeViewer\\SLVoice.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Documents and Settings\\mich\\Bureaublad\\programma,s\\opensim-0.7.2-bin\\opensim-0.7.2-bin\\bin\\OpenSim.32BitLaunch.exe"= "c:\\Documents and Settings\\mich\\Bureaublad\\programma,s\\opensim-0.7.2-bin\\opensim-0.7.2-bin\\bin\\OpenSim.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AstraViewer\\SLVoice.exe"= "c:\\Program Files\\Firestorm-Release\\SLVoice.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Documents and Settings\\mich\\Application Data\\Dropbox\\bin\\Dropbox.exe"= 
. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3306:TCP"= 3306:TCP:MySQL55 "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [13-12-2011 11:45 98304] R2 MySQL55;MySQL55;"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="c:\documents and settings\All Users\Application Data\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> c:\program files\MySQL\MySQL Server 5.5\bin\mysqld [?] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [20-10-2010 15:16 33792] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [13-12-2011 11:45 3735552] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14-1-2008 11:06 21632] S3 iq5c.sys;iq5c.sys;\??\c:\windows\system32\drivers\iq5c.sys --> c:\windows\system32\drivers\iq5c.sys [?] S4 cpuz134;cpuz134;\??\c:\docume~1\mich\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\mich\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2012-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2012-11-16 c:\windows\Tasks\FinalTorrent Update Checker.job - c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-10-15 13:24] . 2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 14:13] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 14:13] . . Bijkomende Scan . uStart Page = hxxp://www.bing.nl/ mStart Page = hxxp://www.bing.com/ TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 . . . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-11-16 08:03 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . . [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL55] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\documents and settings\All Users\Application Data\MySQL\MySQL Server 5.5\my.ini\" MySQL55" . VERGRENDELDE REGISTER SLEUTELS . [HKEY_USERS\S-1-5-21-725345543-1801674531-1920980409-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6510B3E4-6EE6-A205-C777-56C343079B5B}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "ialpigngifofabcodc"=hex:6b,61,68,70,6c,63,64,62,6f,66,6b,6f,65,67,6a,63,67,64, 69,63,6c,66,00,02 "hanpkefgmpclnbjj"=hex:6b,61,63,70,68,63,6a,6e,63,6b,6a,6f,6c,6e,70,65,6b,6e, 68,62,6f,6e,00,02 "iahnafbkinmlepkboj"=hex:63,61,67,70,6d,66,00,7c "dbfpecamgachgadgmgocacdgkcgnfedpmipgiagm"=hex:68,61,6b,6e,66,63,6c,68,62,68, 62,70,67,6c,6e,6f,00,00 "jbfpecamgachgadgmgocncbeiinlljcmbhlmkohmjnokafommegi"=hex:68,61,6b,6e,66,63, 6c,68,62,68,62,70,67,6c,6e,6f,00,00 "dbfpecamgachgadgmgocddggffiaknhhjamnonbb"=hex:68,66,6e,62,66,63,69,61,6b,62, 61,62,6e,6f,6c,63,64,63,70,6d,69,62,62,61,66,6f,70,67,6d,6a,69,66,69,70,6a,\ "dbfphhpeklgjehagjlamnpcigofpmigfpcjeione"=hex:68,61,6b,6e,66,63,6c,68,62,68, 62,70,67,6c,6e,6f,00,00 "jbfphhpeklgjehagjlammaocaaggmnfkccholpeccoekhgghmmjd"=hex:68,61,6b,6e,66,63, 6c,68,62,68,62,70,67,6c,6e,6f,00,00 "dbfphhpeklgjehagjlamgapgemcfplkfachagcap"=hex:62,61,6e,62,00,00 "dbfpfhbphpodkknhkhiafeccoijhccnjkmnnhkae"=hex:68,61,6b,6e,66,63,6c,68,62,68, 62,70,67,6c,6e,6f,00,00 "jbfpfhbphpodkknhkhiaedbagnpnpmmhbmlhidmekkobjchifbpg"=hex:68,61,6b,6e,66,63, 6c,68,62,68,62,70,67,6c,6e,6f,00,00 
"dbfpfhbphpodkknhkhiacdjemnldpmonfkbaamgd"=hex:62,62,6e,62,66,63,69,61,6b,62, 61,62,6e,6f,6c,63,64,63,70,6d,69,62,62,61,66,6f,70,67,6d,6a,69,66,69,70,6a,\ . DLLs Geladen Onder Lopende Processen . - - - - - - - > 'explorer.exe'(476) c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll c:\windows\system32\webcheck.dll . Andere Aktieve Processen . c:\windows\SOUNDMAN.EXE c:\windows\system32\RunDLL32.exe c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\program files\Logitech\Video\FxSvr2.exe c:\program files\HP\hpcoretech\comp\hptskmgr.exe c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\MySQL\MySQL Server 5.5\bin\mysqld.exe c:\windows\system32\nvsvc32.exe c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\windows\system32\wdfmgr.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . . Voltooingstijd: 2012-11-16 08:05:06 - machine werd herstart ComboFix-quarantined-files.txt 2012-11-16 07:05 ComboFix2.txt 2012-11-15 17:41 ComboFix3.txt 2011-08-30 18:03 . Pre-Run: 39.863.934.976 bytes beschikbaar Post-Run: 39.853.719.552 bytes beschikbaar . - - End Of File - - 611E7E24582A1297BDD4CDF18E5C6210 PS ik zie dat Combo fix mijn AVG nog steeds ziet terwjl ik alles heb weg gehaald ..er staat niets meer van AVG in software niet in proframma . nietin de taakbalk en ook niet in windows ...het enigste wat er nog staat is in C://programfiles ävg10 foler heeft 2 MHTML files en avg2013 driversmap heeft 4 Filters
  19. ComboFix 12-11-13.03 - mich 15-11-2012 18:19:45.2.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3071.2412 [GMT 1:00]Gestart vanuit: c:\documents and settings\mich\Bureaublad\ComboFix.exeAV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}..(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\ism_0_llatsni.padc:\documents and settings\All Users\Application Data\kp_0loor.padc:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\All Users\Application Data\zak_lo0i7g.padc:\documents and settings\mich\Application Data\Google Talkc:\documents and settings\mich\WINDOWSC:\DocumentsC:\install.exeC:\prefs.jsc:\windows\system32\_000005_.tmp.dllc:\windows\system32\roboot.exec:\windows\system32\SET1CE.tmpc:\windows\system32\SET1CF.tmpc:\windows\system32\SET1D0.tmpc:\windows\system32\SET1D4.tmpc:\windows\system32\SET1D5.tmpc:\windows\system32\SET1D6.tmpc:\windows\system32\SET1DA.tmpc:\windows\system32\SET1DC.tmpc:\windows\system32\URTTempc:\windows\system32\URTTemp\fusion.dllc:\windows\system32\URTTemp\mscoree.dllc:\windows\system32\URTTemp\mscoree.dll.localc:\windows\system32\URTTemp\mscorsn.dllc:\windows\system32\URTTemp\mscorwks.dllc:\windows\system32\URTTemp\msvcr71.dllc:\windows\system32\URTTemp\regtlib.exec:\windows\system32\windrv.sys..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_xcpip-------\Service_xpsec..(((((((((((((((((((( Bestanden Gemaakt van 2012-10-15 to 2012-11-15 ))))))))))))))))))))))))))))))..2012-11-15 15:58 . 2012-11-15 15:58 -------- d--h--r- c:\documents and settings\mich\Onlangs geopend2012-11-15 06:52 . 2012-11-15 06:52 -------- d-----w- c:\documents and settings\mich\Application Data\AVG20132012-11-15 03:28 . 
2012-11-15 03:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG20132012-11-15 03:28 . 2012-11-15 03:28 -------- d-----w- c:\documents and settings\mich\Application Data\TuneUp Software2012-11-06 16:36 . 2012-11-06 16:36 -------- d-----w- c:\documents and settings\mich\Local Settings\Application Data\WMTools Downloaded Files2012-11-06 11:22 . 2012-11-06 11:22 -------- d-----w- c:\program files\Voxengo2012-11-06 11:12 . 2012-11-06 13:25 -------- d-----w- c:\documents and settings\mich\Application Data\Audacity2012-11-06 11:12 . 2012-11-06 11:12 -------- d-----w- c:\program files\Audacity...((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-10-22 19:57 . 2008-04-15 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys2012-10-02 18:04 . 2008-04-15 12:00 58368 ----a-w- c:\windows\system32\synceng.dll2012-09-29 18:54 . 2012-07-22 06:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2012-09-21 02:46 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys2012-08-28 15:17 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll2012-08-28 15:17 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll2012-08-28 15:17 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2012-08-28 12:07 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec2012-08-24 13:53 . 2008-04-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll2012-08-23 06:27 . 2008-04-15 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe2012-08-23 06:27 . 2008-04-14 22:11 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[7] 2008-04-15 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys[-] 2008-04-15 12:00 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys[7] 2008-04-15 . 
9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys[7] 2008-04-15 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys.((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))..*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-06-30 04:19 94208 ----a-w- c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 
196608].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112].c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]@="".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows 
Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\Imprudence\\SLVoice.exe"="c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"="c:\\Program Files\\SecondLifeViewer2\\slplugin.exe"="c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"="c:\\Program Files\\FinalTorrent\\FTCheckForUpdates.exe"="c:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"="c:\\Program Files\\SecondLifeViewer\\SLVoice.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Documents and Settings\\mich\\Bureaublad\\programma,s\\opensim-0.7.2-bin\\opensim-0.7.2-bin\\bin\\OpenSim.32BitLaunch.exe"="c:\\Documents and Settings\\mich\\Bureaublad\\programma,s\\opensim-0.7.2-bin\\opensim-0.7.2-bin\\bin\\OpenSim.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\AstraViewer\\SLVoice.exe"="c:\\Program Files\\Firestorm-Release\\SLVoice.exe"="c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"="c:\\Documents and Settings\\mich\\Application Data\\Dropbox\\bin\\Dropbox.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3306:TCP"= 3306:TCP:MySQL55"3389:TCP"= 3389:TCP:Remote Desktop"65533:TCP"= 65533:TCP:Services"52344:TCP"= 52344:TCP:Services.R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [13-12-2011 11:45 98304]R2 MySQL55;MySQL55;"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="c:\documents and settings\All Users\Application Data\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> c:\program files\MySQL\MySQL Server 5.5\bin\mysqld [?]R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [20-10-2010 15:16 33792]R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [13-12-2011 11:45 3735552]R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture 
Driver;c:\windows\system32\drivers\ManyCam.sys [14-1-2008 11:06 21632]S3 iq5c.sys;iq5c.sys;\??\c:\windows\system32\drivers\iq5c.sys --> c:\windows\system32\drivers\iq5c.sys [?]S4 cpuz134;cpuz134;\??\c:\docume~1\mich\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\mich\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?].--- Andere Services/Drivers In Geheugen ---.*NewlyCreated* - WS2IFSL.Inhoud van de 'Gedeelde Taken' map.2012-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57].2012-11-15 c:\windows\Tasks\FinalTorrent Update Checker.job- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-10-15 13:24].2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 14:13].2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 14:13]..------- Bijkomende Scan -------.uStart Page = hxxp://www.bing.nl/mStart Page = hxxp://www.bing.com/TCP: DhcpNameServer = 212.54.35.25 212.54.40.25.- - - - ORPHANS VERWIJDERD - - - -.WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)HKLM-Run-H2O - c:\program files\SyncroSoft\Pos\H2O\cledx.exeAddRemove-Mystical 2.0 - c:\windows\unvise32.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-11-15 18:38Windows 5.1.2600 Service Pack 3 NTFS.scannen van verborgen processen ... .scannen van verborgen autostart items ... .scannen van verborgen bestanden ... 
.Scan succesvol afgerondverborgen bestanden: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL55]"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\documents and settings\All Users\Application Data\MySQL\MySQL Server 5.5\my.ini\" MySQL55".--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------.[HKEY_USERS\S-1-5-21-725345543-1801674531-1920980409-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6510B3E4-6EE6-A205-C777-56C343079B5B}*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode)"ialpigngifofabcodc"=hex:6b,61,68,70,6c,63,64,62,6f,66,6b,6f,65,67,6a,63,67,64, 69,63,6c,66,00,02"hanpkefgmpclnbjj"=hex:6b,61,63,70,68,63,6a,6e,63,6b,6a,6f,6c,6e,70,65,6b,6e, 68,62,6f,6e,00,02"iahnafbkinmlepkboj"=hex:63,61,67,70,6d,66,00,7c"dbfpecamgachgadgmgocacdgkcgnfedpmipgiagm"=hex:68,61,6b,6e,66,63,6c,68,62,68, 62,70,67,6c,6e,6f,00,00"jbfpecamgachgadgmgocncbeiinlljcmbhlmkohmjnokafommegi"=hex:68,61,6b,6e,66,63, 6c,68,62,68,62,70,67,6c,6e,6f,00,00"dbfpecamgachgadgmgocddggffiaknhhjamnonbb"=hex:68,66,6e,62,66,63,69,61,6b,62, 61,62,6e,6f,6c,63,64,63,70,6d,69,62,62,61,66,6f,70,67,6d,6a,69,66,69,70,6a,\"dbfphhpeklgjehagjlamnpcigofpmigfpcjeione"=hex:68,61,6b,6e,66,63,6c,68,62,68, 62,70,67,6c,6e,6f,00,00"jbfphhpeklgjehagjlammaocaaggmnfkccholpeccoekhgghmmjd"=hex:68,61,6b,6e,66,63, 6c,68,62,68,62,70,67,6c,6e,6f,00,00"dbfphhpeklgjehagjlamgapgemcfplkfachagcap"=hex:62,61,6e,62,00,00"dbfpfhbphpodkknhkhiafeccoijhccnjkmnnhkae"=hex:68,61,6b,6e,66,63,6c,68,62,68, 62,70,67,6c,6e,6f,00,00"jbfpfhbphpodkknhkhiaedbagnpnpmmhbmlhidmekkobjchifbpg"=hex:68,61,6b,6e,66,63, 6c,68,62,68,62,70,67,6c,6e,6f,00,00"dbfpfhbphpodkknhkhiacdjemnldpmonfkbaamgd"=hex:62,62,6e,62,66,63,69,61,6b,62, 61,62,6e,6f,6c,63,64,63,70,6d,69,62,62,61,66,6f,70,67,6d,6a,69,66,69,70,6a,\.--------------------- DLLs Geladen Onder Lopende Processen 
---------------------.- - - - - - - > 'explorer.exe'(3312)c:\documents and settings\mich\Application Data\Dropbox\bin\DropboxExt.14.dllc:\windows\system32\webcheck.dllc:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dllc:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD.------------------------ Andere Aktieve Processen ------------------------.c:\windows\SOUNDMAN.EXEc:\windows\system32\RunDLL32.exec:\program files\HP\hpcoretech\comp\hptskmgr.exec:\program files\Logitech\Video\FxSvr2.exec:\program files\HP\Digital Imaging\bin\hpqgalry.exec:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exec:\program files\Java\jre6\bin\jqs.exec:\program files\MySQL\MySQL Server 5.5\bin\mysqld.exec:\windows\system32\nvsvc32.exec:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exec:\windows\system32\wdfmgr.exec:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe.**************************************************************************.Voltooingstijd: 2012-11-15 18:41:27 - machine werd herstartComboFix-quarantined-files.txt 2012-11-15 17:41ComboFix2.txt 2011-08-30 18:03.Pre-Run: 39.390.302.208 bytes beschikbaarPost-Run: 39.723.909.120 bytes beschikbaar.- - End Of File - - 0B0E84E51BF704AD71B220AA9F0A3498
  20. I have tried several times to reinstall AVG, but it first hangs and then after 30 minutes I get the message that it cannot be installed. I have had CCleaner analyse several times until it found nothing more. Everything is extremely slow. This is my HiJack file:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:14:28, on 15-11-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R1 - HKLM\Software\Microsoft\Internet
  21. Here is my MBAM log, and this is my latest HijackThis log.
      P.S. It took almost an hour to be able to update / download and install MBAM, and the download was interrupted as many as 3 times, but in the end I managed. The first file: R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf2&s={searchTerms}&f=4 ; HijackThis could not find it. I did check the rest.
  22. Hello; everything on my PC runs extremely slowly. Programs no longer work properly and my Internet Explorer is extremely slow. I have already run CCleaner, but that did not help either. My AVG (free virus scanner) no longer worked properly and I downloaded the new 2013 version; this does not work at all. Even typing here gives errors. I hope you can help me further with this. I have included a HijackThis log.
      Thanks in advance, Mich
  23. After the 2nd restart it stays gone .... Once again, thank you very much Kape, I will mark this as solved.
  24. Superrrrr!!! It is gone, yippeeeee! Thank you very much for your super-fast response, Kape ...... I wish you a nice Sunday. Regards, Mich
      Thank you!!!!
  25. Hello, I have also caught the police virus, and I can only get into my PC in safe mode now. I have attached a HijackThis file. I hope you can help rid me of this virus. Many thanks in advance!!

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 6:21:06, on 22-7-2012
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Safe mode with network support
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
      O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
      O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: ctfmon.lnk = C:\WINDOWS\system32\rundll32.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
      O8 - Extra context menu item: Zoek op het web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
      O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287579073281
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
      O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
      O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
      O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
      O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: MySQL55 - Unknown owner - C:\Program.exe (file missing)
      O23 - Service: NVIDIA Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
      O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
      -- End of file - 8130 bytes