GijsM

Kape, Zodra ik de download link aanklik word er een bestand genaamd launch.exe gedownload. als ik launch.exe aanklik sluit het gehele systeem af wegens een fatale fout heb je een andere link? Gijs

Hallo Kape Grote schoonmaak afgerond. Echter iets te vroeg gejuicht, er zijn nog/weer redirects Gijs

Goedenavond Kape, hieronder emisoftlog: Emsisoft Emergency Kit - Versie 1.0 Laatste Update: 5-1-2012 18:43:01 Scaninstellingen: Scantype: Diepe Scan Objecten: Geheugen, Sporen, Cookies, C:\ Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan Scan gestart: 5-1-2012 18:44:25 c:\program files\Enigma Software Group Ontdekt: Trace.Directory.SpyHunter!A2 C:\Documents and Settings\Gijs\Application Data\Sun\Java\Deployment\cache\6.0\14\6427c24e-76fd858a/Translate.class Ontdekt: Virus.Java.Exploit!IK C:\Documents and Settings\Gijs\Mijn documenten\Documenten gijs\software\donaldduck2.exe Ontdekt: Backdoor.Win32.RShot!IK Gescand Bestanden: 152376 Sporen: 403649 Cookies: 451 Processen: 37 Gevonden Bestanden: 2 Sporen: 1 Cookies: 0 Processen: 0 Registersleutels: 0 Scan Geëindigd: 5-1-2012 21:33:57 Scantijd: 2:49:32 C:\Documents and Settings\Gijs\Mijn documenten\Documenten gijs\software\donaldduck2.exe Verwijderd Backdoor.Win32.RShot!IK C:\Documents and Settings\Gijs\Application Data\Sun\Java\Deployment\cache\6.0\14\6427c24e-76fd858a/Translate.class Verwijderd Virus.Java.Exploit!IK c:\program files\Enigma Software Group Verwijderd Trace.Directory.SpyHunter!A2 Verwijderd Bestanden: 2 Sporen: 1 Cookies: 0 Geen redirects meer

Goedenavond Kape, was er ff een paar dagen tussen uit. genoemde actie geprobeerd in zowel veilige als normale modus echter zonder succes Gijs

Goedenavond Asus, Ben druk bezig in een ander subforum met Kape (virussen en spyware) Gijs

Kape, zie log hieronder, nog steeds redirects aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software Run date: 2011-12-30 19:20:44 ----------------------------- 19:20:44.500 OS Version: Windows 5.1.2600 Service Pack 3 19:20:44.500 Number of processors: 2 586 0x1C02 19:20:44.500 ComputerName: MXXXXX UserName: Gijs 19:20:45.656 Initialze error 0 - driver not loaded 19:21:04.093 Service scanning 19:21:05.750 Modules scanning 19:21:05.750 Disk 0 trace - called modules: 19:21:05.750 19:21:05.750 Scan finished successfully 19:21:35.046 The log file has been saved successfully to "C:\Documents and Settings\Gijs\Bureaublad\aswMBR.txt"

Nog steeds, samen met IE fout meldingen:argh:

Laatste optie werkt, Hieronder log. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 30-12-2011 at 11:40:51. Operating System: Microsoft Windows XP Processes terminated by Rkill or while it was running: C:\Documents and Settings\Gijs\Bureaublad\iExplore.exe Rkill completed on 30-12-2011 at 11:42:11.

Geprobeerd met werkend prog. op stick , maar hij wil op de besmette PC niet scannen (normale en veilige modus)

Helaas nog steeds doorverwijzingen. Daarnaast begint een ander probleem (gisteren gepost op Internet & Netwerk) steeds vervelender te worden. IE8 geeft haast continue een foutmelding en start dan opnieuw op. kan dat er (ook) mee te maken hebben?

Kape, MBAM gedownload en geupdate. Daarna gestart (snelle scan) Na het scannen kreeg ik direct een logje, zie onder. Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Databaseversie: v2011.12.29.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Gijs :: MXXXXX [administrator] 29-12-2011 16:55:40 mbam-log-2011-12-29 (16-55-40).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 170435 Verstreken tijd: 5 minuut/minuten, 33 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)

Kape, Helaas beide pogingen om TDSS killer te starten (normale modus en veilige modus )zonder resultaat. Gijs

Kape, Bijdeze het combofix log. ComboFix 11-12-28.03 - Gijs 29-12-2011 10:34:28.3.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2039.1417 [GMT 1:00] Gestart vanuit: c:\documents and settings\Gijs\Bureaublad\ComboFix.exe AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Gijs\Application Data\HPSU_48BitScanUpdate.log c:\windows\system32\SET31.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))) . . 2011-12-29 08:27 . 2011-12-29 08:27 -------- d-----w- c:\windows\LastGood 2011-12-27 20:30 . 2011-12-27 20:30 -------- d-----w- c:\documents and settings\Gijs\Local Settings\Application Data\Mozilla 2011-12-27 16:31 . 2011-12-29 09:24 -------- d--h--r- c:\documents and settings\Gijs\Onlangs geopend 2011-12-21 20:13 . 2011-12-21 20:13 -------- d-----w- c:\program files\ESET 2011-12-19 13:08 . 2011-12-19 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-27 20:39 . 2011-09-24 09:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-23 14:40 . 2009-03-04 01:59 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-16 19:27 . 2011-11-16 19:27 388096 ----a-r- c:\documents and settings\Gijs\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-04 19:13 . 2009-03-04 01:59 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2009-03-04 01:59 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2009-03-04 01:59 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2009-03-04 01:59 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2009-03-04 01:59 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:32 . 2009-03-04 01:59 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-27 17:33 . 2011-10-27 17:33 643072 ----a-w- c:\windows\AJScreensaver.scr 2011-10-18 11:13 . 2009-03-04 01:59 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2009-03-03 17:13 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-07 05:23 . 2011-07-10 23:13 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2011-10-04 05:21 . 2011-07-10 23:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys 2011-12-21 08:02 . 2011-12-27 20:30 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2011-12-19 13:08 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll" [2011-12-19 1574240] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-31 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-19 892768] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Desktop Manager.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Desktop Manager.lnk backup=c:\windows\pss\Desktop Manager.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snagit 9.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snagit 9.lnk backup=c:\windows\pss\Snagit 9.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate] 2009-08-31 09:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor] 2007-12-10 13:55 323584 ----a-w- c:\windows\Pixart\Pac7302\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PACTray] 2009-03-23 11:12 327680 ----a-w- c:\windows\Pixart\Pac7302\PACTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager] 2009-08-05 20:53 1590616 ----a-w- c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-01-31 13:46 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "tmlisten"=2 (0x2) "Pml Driver HPZ12"=2 (0x2) "OfcPfwSvc"=2 (0x2) "ntrtscan"=2 (0x2) "gusvc"=3 (0x3) "gupdatem"=3 (0x3) "gupdate1ca01a04ea3943e"=2 (0x2) "ETService"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 0:14 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 5:30 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11-7-2011 0:13 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 0:14 295248] R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [23-11-2011 2:36 2391832] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 6:25 4433248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 5:09 192776] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-8-2010 10:38 92008] R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [19-12-2011 14:08 869216] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [23-5-2011 0:03 30944] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 0:14 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 0:14 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11-7-2011 0:14 16720] S2 gupdate1ca01a04ea3943e;Google Updateservice (gupdate1ca01a04ea3943e);c:\program files\Google\Update\GoogleUpdate.exe [10-7-2009 21:52 133104] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [3-3-2009 18:26 1684736] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [23-5-2011 0:03 30944] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-7-2009 21:52 133104] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2011-12-29 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Gijs Logon.job - c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-10-26 13:58] . 2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 20:52] . 2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 20:52] . 2011-12-29 c:\windows\Tasks\User_Feed_Synchronization-{C3146E36-9EF8-4964-868D-6CACC99F4E9A}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nu.nl/ uInternet Connection Wizard,ShellNext = hxxp://www.kpn.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: vrhm.nl\bhmlogin TCP: DhcpNameServer = 10.0.0.138 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll FF - ProfilePath - c:\documents and settings\Gijs\Application Data\Mozilla\Firefox\Profiles\plpi6i7g.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-29 12:25 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Voltooingstijd: 2011-12-29 12:42:10 ComboFix-quarantined-files.txt 2011-12-29 11:41 ComboFix2.txt 2011-11-16 21:13 . Pre-Run: 88.938.307.584 bytes beschikbaar Post-Run: 89.061.470.208 bytes beschikbaar . - - End Of File - - 217A372775A5ABF803BE8A8849AD01B1

Goedenavond Kape, MVPS actie uitgevoerd, TDSS gedownload en uitgepak alleen krijg hem niet gestart Gijs

Hallo allemaal, Ik heb behoorlijk last van een Google redirect "virus?" Hier onder een HJT logje van zojuist Iemand een idee? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:46:13, on 28-12-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG2012\avgfws.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\WINDOWS\PixArt\PAC7302\Monitor.exe C:\Program Files\AVG Secure Search\vprot.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Internet, televisie, mobiel en vast bellen R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: ::1 localhost #[iPv6] O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247168174955 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247168141080 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updateservice (gupdate1ca01a04ea3943e) (gupdate1ca01a04ea3943e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- End of file - 7823 bytes