jokemenke

5-2-2012 14:14:42 mbam-log-2012-02-05 (14-14-42).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 158795 Verstreken tijd: 8 minuut/minuten, 57 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 1 C:\Users\Gebruiker\M-1-52-5782-8754-5245 (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:21:57, on 5-2-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Windows\CmUCReye.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [Cmiboot] C:\Windows\cmiboot.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [EA Core] "C:\Users\Gebruiker\Desktop\spellen\EADM\Core.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: CyberMania - ServiceEx - C:\Program Files\ESET\ServiceEx.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 7560 bytes

Het logje van de 2e laptop; Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:52:01, on 5-2-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\CmUCReye.exe C:\Windows\System32\rundll32.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll (file missing) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [Cmiboot] C:\Windows\cmiboot.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [EA Core] "C:\Users\Gebruiker\Desktop\spellen\EADM\Core.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: CyberMania - ServiceEx - C:\Program Files\ESET\ServiceEx.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 8024 bytes

wist niet zeker of dat moest,maar ken de files ook,heb ze al langer op schijf staan dan probleem,heb ze alsnog gefixed,nu deze log; Malwarebytes Anti-Malware 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.02.03.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 MASTER :: PC_VAN_MASTER [administrator] 5-2-2012 10:40:08 mbam-log-2012-02-05 (10-40-08).txt Scantype: Volledige scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 184791 Verstreken tijd: 24 minuut/minuten, 43 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 4 D:\Norton Trial Reset-v3.3.1.exe (RiskWare.Tool.CK) -> Succesvol in quarantaine geplaatst en verwijderd. D:\Norton Trial Reset-v3.1.0.exe (RiskWare.Tool.CK) -> Succesvol in quarantaine geplaatst en verwijderd. G:\backup master\diverse programma's\Norton.2011.Trial.Reset.v3.3.1.NAV-NIS-N360.by.BOX\Norton Internet Security Antivirus + Serials + Trial Reset\Norton Trial Reset-v3.1.0.exe (RiskWare.Tool.CK) -> Succesvol in quarantaine geplaatst en verwijderd. G:\backup master\diverse programma's\Norton.2011.Trial.Reset.v3.3.1.NAV-NIS-N360.by.BOX\Norton Internet Security Antivirus + Serials + Trial Reset\Norton Trial Reset-v3.3.1.exe (RiskWare.Tool.CK) -> Succesvol in quarantaine geplaatst en verwijderd. (einde)

Voila ! Malwarebytes Anti-Malware 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.02.03.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 MASTER :: PC_VAN_MASTER [administrator] 5-2-2012 10:40:08 mbam-log-2012-02-05 (11-09-23).txt Scantype: Volledige scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 184791 Verstreken tijd: 24 minuut/minuten, 43 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 4 D:\Norton Trial Reset-v3.3.1.exe (RiskWare.Tool.CK) -> Geen actie ondernomen. D:\Norton Trial Reset-v3.1.0.exe (RiskWare.Tool.CK) -> Geen actie ondernomen. G:\backup master\diverse programma's\Norton.2011.Trial.Reset.v3.3.1.NAV-NIS-N360.by.BOX\Norton Internet Security Antivirus + Serials + Trial Reset\Norton Trial Reset-v3.1.0.exe (RiskWare.Tool.CK) -> Geen actie ondernomen. G:\backup master\diverse programma's\Norton.2011.Trial.Reset.v3.3.1.NAV-NIS-N360.by.BOX\Norton Internet Security Antivirus + Serials + Trial Reset\Norton Trial Reset-v3.3.1.exe (RiskWare.Tool.CK) -> Geen actie ondernomen. (einde)

Ga ik doen,mag ik nog even opmerken dat ik deze hulp zeeeer waardeer !!!!!

als ik de usb stick op de pc aansluit,heb ik een aantal transparante mappen waar ik inkan,echter op mijn opgekuiste laptop zie ik deze mappen niet. Koppel ik de sd card van mijn telefoon,heb ik nog steeds de snelkop,als ik deze probeer te openen,reageert Norton met de melding dat risico W32.IRCBot wordt aangepakt. Jo dit ging dubbel,sorry daarvoor.... ---------- Post toegevoegd om 10:19 ---------- Vorige post was om 10:07 ---------- volgens mij gebeurt er weinig met Flash , ik zie niets.... ---------- Post toegevoegd om 10:20 ---------- Vorige post was om 10:19 ---------- er gebeurt niets geloof ik,ik zie niets

Als ik de telefoon aansluit heb ik nog steeds snelkop waar ik niet in kan.Als ik erop druk,krijg ik van Norton een melding dat bedreiging W32.IRCBot wordt aangepakt. Mijn usb stick,geeft op de pc een aantal mappen weer,die half transparant zijn,en op de opgekuiste laptop niet zichtbaar zijn.

Morge, ik heb op een nieuwe usb geen probleem meer,zogezegd perfect opgelost,allleen ,een van de problleem schijven waarop de snelkop. staan,is de sd kaart van mijn telefoon,en daar staan ze nog steeds op. Misschien een dom van mij,maar ik realiseerde mij vanmorgen eigenlijk pas dat deze tijdens al deze scans misschien gekoppeld had moeten zij met de laptop????? Jo.

geregeld.....geen melding van recovery console gehad,en geen error. ComboFix 12-02-03.02 - MASTER 04-02-2012 12:13:36.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2037.919 [GMT 1:00] Gestart vanuit: c:\users\MASTER\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\MASTER\AppData\Local\TempDIR c:\users\MASTER\AppData\Local\TempDIR\BetterInstaller.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))) . . 2012-02-03 15:51 . 2012-02-03 15:53 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D 2012-02-03 15:25 . 2012-02-03 15:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-03 15:25 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-03 15:18 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-02-03 15:18 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-02-03 15:18 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-02-03 15:18 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll 2012-02-03 15:18 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-02-03 15:18 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-01-29 22:23 . 2012-01-29 22:23 388096 ----a-r- c:\users\MASTER\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-29 22:23 . 2012-01-29 22:23 -------- d-----w- c:\program files\Trend Micro 2012-01-29 18:52 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll 2012-01-29 18:52 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll 2012-01-29 18:52 . 2010-01-22 08:55 767952 ----a-w- c:\windows\BDTSupport.dll 2012-01-29 18:52 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll 2012-01-29 18:47 . 2010-02-05 08:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys 2012-01-29 18:47 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2012-01-29 18:47 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2012-01-29 18:47 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2012-01-29 18:47 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2012-01-29 18:47 . 2012-01-30 05:28 -------- d-----w- c:\program files\Spyware Doctor 2012-01-29 18:47 . 2012-01-29 18:52 -------- d-----w- c:\program files\Common Files\PC Tools 2012-01-29 18:47 . 2012-01-29 18:47 -------- d-----w- c:\users\MASTER\AppData\Roaming\PC Tools 2012-01-29 18:47 . 2012-01-29 18:47 -------- d-----w- c:\programdata\PC Tools 2012-01-29 17:15 . 2012-01-29 17:15 -------- d-----w- c:\users\MASTER\AppData\Roaming\Malwarebytes 2012-01-29 17:15 . 2012-01-29 17:15 -------- d-----w- c:\programdata\Malwarebytes 2012-01-29 14:34 . 2012-01-29 14:34 -------- d-----w- c:\users\MASTER\AppData\Roaming\Outlook 2012-01-29 13:45 . 2012-02-04 07:46 -------- d-----w- c:\users\MASTER\AppData\Local\Htc 2012-01-29 13:29 . 2012-01-29 14:34 -------- d-----w- c:\users\MASTER\AppData\Roaming\HTC 2012-01-29 13:26 . 2012-01-29 13:35 -------- d-----w- c:\users\MASTER\AppData\Local\Downloaded Installations 2012-01-29 13:23 . 2012-01-29 13:23 -------- d-----w- c:\program files\Spirent Communications 2012-01-29 13:19 . 2012-01-29 13:28 -------- d-----w- c:\program files\HTC 2012-01-29 13:18 . 2012-01-29 13:33 -------- d-----w- c:\program files\Common Files\Adobe AIR 2012-01-28 13:15 . 2012-01-28 23:37 -------- d-----w- c:\users\MASTER\AppData\Local\AChat 2012-01-14 13:17 . 2012-01-21 18:42 -------- d-----w- c:\program files\uTorrent 2012-01-14 13:16 . 2012-02-04 11:23 -------- d-----w- c:\users\MASTER\AppData\Roaming\uTorrent 2012-01-14 11:46 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll 2012-01-14 11:46 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll 2012-01-14 11:46 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll 2012-01-14 11:46 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll 2012-01-14 11:46 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-01-14 11:46 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-01-14 11:46 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll 2012-01-14 11:46 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-24 08:30 . 2011-12-24 08:30 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2011-11-23 13:37 . 2011-12-16 21:06 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-11-21 10:47 . 2011-12-23 23:55 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84AD15B1-8771-44E3-B6CB-7BD37759E6B1}\mpengine.dll 2011-11-20 15:41 . 2011-11-20 15:42 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-12 07:35 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2011-11-12 07:34 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2011-11-08 14:42 . 2011-12-16 21:06 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-06 22:22 . 2011-11-06 22:22 40960 ----a-w- c:\windows\system32\drivers\nl-NL\http.sys.mui 2011-11-06 21:15 . 2011-11-06 21:15 23552 ----a-w- c:\windows\system32\lpk.dll 2011-11-06 21:15 . 2011-11-06 21:15 10240 ----a-w- c:\windows\system32\dciman32.dll 2011-11-06 21:12 . 2011-11-06 21:12 72704 ----a-w- c:\windows\system32\admparse.dll 2011-11-06 21:12 . 2011-11-06 21:12 48128 ----a-w- c:\windows\system32\mshtmler.dll 2011-11-06 21:09 . 2011-11-06 21:09 61440 ----a-w- c:\windows\system32\winipsec.dll 2011-11-06 21:09 . 2011-11-06 21:09 272896 ----a-w- c:\windows\system32\polstore.dll 2011-11-06 20:59 . 2011-11-06 20:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2011-11-06 20:59 . 2011-11-06 20:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2011-11-06 20:59 . 2011-11-06 20:59 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2011-11-06 20:59 . 2011-11-06 20:59 19968 ----a-w- c:\windows\system32\ARP.EXE 2011-11-06 20:59 . 2011-11-06 20:59 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2011-11-06 20:59 . 2011-11-06 20:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2011-11-06 20:59 . 2011-11-06 20:59 105984 ----a-w- c:\windows\system32\netiohlp.dll 2011-11-06 20:59 . 2011-11-06 20:59 10240 ----a-w- c:\windows\system32\finger.exe 2011-11-06 20:53 . 2011-11-06 20:53 127488 ----a-w- c:\windows\system32\L2SecHC.dll 2011-11-06 20:53 . 2011-11-06 20:53 68096 ----a-w- c:\windows\system32\wlanhlp.dll 2011-11-06 20:53 . 2011-11-06 20:53 65024 ----a-w- c:\windows\system32\wlanapi.dll 2011-11-06 20:53 . 2011-11-06 20:53 513536 ----a-w- c:\windows\system32\wlansvc.dll 2011-11-06 20:53 . 2011-11-06 20:53 293376 ----a-w- c:\windows\system32\wlanmsm.dll 2011-11-06 20:53 . 2011-11-06 20:53 302592 ----a-w- c:\windows\system32\wlansec.dll 2011-11-06 20:53 . 2011-11-06 20:53 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs 2011-11-06 20:51 . 2011-11-06 20:51 1401856 ----a-w- c:\windows\system32\msxml6.dll 2011-11-06 20:50 . 2011-11-06 20:50 2048 ----a-w- c:\windows\system32\msxml3r.dll 2011-11-06 20:50 . 2011-11-06 20:50 2048 ----a-w- c:\windows\system32\msxml6r.dll 2011-11-06 20:48 . 2011-11-06 20:48 218624 ----a-w- c:\windows\system32\msv1_0.dll 2011-11-06 20:42 . 2011-11-06 20:42 53248 ----a-w- c:\windows\system32\rrinstaller.exe 2011-11-06 20:42 . 2011-11-06 20:42 24576 ----a-w- c:\windows\system32\mfpmp.exe 2011-11-06 20:42 . 2011-11-06 20:42 2048 ----a-w- c:\windows\system32\mferror.dll 2011-11-06 20:28 . 2011-11-06 20:28 71680 ----a-w- c:\windows\system32\atl.dll 2011-11-06 20:13 . 2011-11-06 20:13 160256 ----a-w- c:\windows\system32\wkssvc.dll 2011-11-06 20:11 . 2011-11-06 20:11 136192 ----a-w- c:\windows\system32\aaclient.dll 2011-11-06 20:11 . 2011-11-06 20:11 53248 ----a-w- c:\windows\system32\tsgqec.dll 2011-11-06 20:03 . 2011-11-06 20:03 714240 ----a-w- c:\windows\system32\timedate.cpl 2011-11-06 19:43 . 2011-11-06 19:43 623616 ----a-w- c:\windows\system32\localspl.dll 2011-11-06 19:32 . 2011-11-06 19:32 172032 ----a-w- c:\windows\system32\wintrust.dll 2011-11-06 19:30 . 2011-11-06 19:30 499712 ----a-w- c:\windows\system32\kerberos.dll 2011-11-06 19:30 . 2011-11-06 19:30 175104 ----a-w- c:\windows\system32\wdigest.dll 2011-11-06 19:25 . 2011-11-06 19:25 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll 2011-11-06 19:25 . 2011-11-06 19:25 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll 2011-11-06 19:25 . 2011-11-06 19:25 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll 2011-11-06 19:25 . 2011-11-06 19:25 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll 2011-11-06 19:25 . 2011-11-06 19:25 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll 2011-11-06 19:25 . 2011-11-06 19:25 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll 2011-11-06 19:25 . 2011-11-06 19:25 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll 2011-11-06 19:25 . 2011-11-06 19:25 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll 2011-11-06 19:25 . 2011-11-06 19:25 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll 2011-11-06 19:25 . 2011-11-06 19:25 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll 2011-11-06 19:25 . 2011-11-06 19:25 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll 2011-11-06 19:25 . 2011-11-06 19:25 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll 2011-11-06 19:25 . 2011-11-06 19:25 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll 2011-11-06 19:25 . 2011-11-06 19:25 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll 2011-11-06 19:25 . 2011-11-06 19:25 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll 2011-11-06 19:25 . 2011-11-06 19:25 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll 2011-11-06 19:25 . 2011-11-06 19:25 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll 2011-11-06 19:25 . 2011-11-06 19:25 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll 2011-11-06 19:25 . 2011-11-06 19:25 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll 2011-11-06 19:25 . 2011-11-06 19:25 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll 2011-11-06 19:25 . 2011-11-06 19:25 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll 2011-11-06 19:25 . 2011-11-06 19:25 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll 2011-11-06 19:25 . 2011-11-06 19:25 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll 2011-11-06 19:25 . 2011-11-06 19:25 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll 2011-11-06 19:25 . 2011-11-06 19:25 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll 2011-11-06 19:25 . 2011-11-06 19:25 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll 2011-11-06 19:25 . 2011-11-06 19:25 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll 2011-11-06 19:25 . 2011-11-06 19:25 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll 2011-11-06 19:25 . 2011-11-06 19:25 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll 2011-11-06 19:25 . 2011-11-06 19:25 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll 2011-11-06 19:25 . 2011-11-06 19:25 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll 2011-11-06 19:25 . 2011-11-06 19:25 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll 2011-11-06 19:25 . 2011-11-06 19:25 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll 2011-11-06 19:25 . 2011-11-06 19:25 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll 2011-11-06 19:25 . 2011-11-06 19:25 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll 2011-11-06 19:25 . 2011-11-06 19:25 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll 2011-11-06 19:24 . 2011-11-06 19:24 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll 2011-11-06 19:24 . 2011-11-06 19:24 3104768 ----a-w- c:\windows\system32\NlsData0045.dll 2011-11-06 19:24 . 2011-11-06 19:24 3104768 ----a-w- c:\windows\system32\NlsData0046.dll 2011-11-06 19:24 . 2011-11-06 19:24 3104768 ----a-w- c:\windows\system32\NlsData0047.dll 2011-11-06 19:24 . 2011-11-06 19:24 3104768 ----a-w- c:\windows\system32\NlsData0049.dll 2011-11-06 19:24 . 2011-11-06 19:24 3104768 ----a-w- c:\windows\system32\NlsData0039.dll 2011-11-06 19:24 . 2011-11-06 19:24 3104768 ----a-w- c:\windows\system32\NlsData0020.dll 2011-11-06 19:24 . 2011-11-06 19:24 1801216 ----a-w- c:\windows\system32\NlsData0021.dll 2011-11-06 19:24 . 2011-11-06 19:24 1801216 ----a-w- c:\windows\system32\NlsData0022.dll 2011-11-06 19:24 . 2011-11-06 19:24 1965056 ----a-w- c:\windows\system32\NlsData0024.dll 2011-11-06 19:24 . 2011-11-06 19:24 4495360 ----a-w- c:\windows\system32\NlsData0010.dll 2011-11-06 19:24 . 2011-11-06 19:24 1966592 ----a-w- c:\windows\system32\NlsData0027.dll 2011-11-06 19:24 . 2011-11-06 19:24 1965056 ----a-w- c:\windows\system32\NlsData0026.dll 2011-11-06 19:24 . 2011-11-06 19:24 2657280 ----a-w- c:\windows\system32\NlsData0011.dll 2011-11-06 19:24 . 2011-11-06 19:24 3466752 ----a-w- c:\windows\system32\NlsData0013.dll 2011-11-06 19:24 . 2011-11-06 19:24 1965056 ----a-w- c:\windows\system32\NlsData0018.dll 2011-11-06 19:24 . 2011-11-06 19:24 1523712 ----a-w- c:\windows\system32\NlsData0000.dll 2011-11-06 19:24 . 2011-11-06 19:24 4497408 ----a-w- c:\windows\system32\NlsData0019.dll 2011-11-06 19:24 . 2011-11-06 19:24 2599936 ----a-w- c:\windows\system32\NlsData0001.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552] "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-10 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-10 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-10 81920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104] "TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208] "NDSTray.exe"="NDSTray.exe" [bU] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1605367740-1994689716-2784367628-1000Core.job - c:\users\MASTER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 16:08] . 2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1605367740-1994689716-2784367628-1000UA.job - c:\users\MASTER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 16:08] . . ------- Bijkomende Scan ------- . IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-02-04 12:25 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????2??m???????? ???X????????? . scannen van verborgen bestanden ... . . c:\users\MASTER\AppData\Local\Temp\catchme.dll 53248 bytes executable . Scan succesvol afgerond verborgen bestanden: 1 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1605367740-1994689716-2784367628-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B90A40B7-7D51-DE4A-7F8F-C14282825C91}*] "bbmgolmgdpjadmmfkkijepilcnadenhpkpmi"=hex:61,62,66,6a,6c,65,6d,66,66,6d,63,6e, 68,6c,63,64,6d,68,66,67,61,67,6d,6d,6c,6f,61,6a,6f,6c,6d,6e,6e,6c,00,77 "abmgolmgdpjadmmfkkhjllmokaainfbfgf"=hex:61,62,6b,6a,64,67,6c,63,6e,62,68,6c, 6d,6d,70,70,69,6a,67,67,61,67,63,64,69,67,70,64,6a,61,6d,6e,65,68,00,77 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2012-02-04 12:29:06 ComboFix-quarantined-files.txt 2012-02-04 11:29 . Pre-Run: 18.211.151.872 bytes beschikbaar Post-Run: 18.049.273.856 bytes beschikbaar . - - End Of File - - 29716A2A350CFDA73C3F9F6645242706

Morge, Heb scan als admin uitgevoerd en dat ene file is nu weg. Na malware 2x opnieuw opgestart,en ik zie inderdaad een aantal files die ik voorheen niet zag. Klaar voor de volgende stap...... Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:19:11, on 4-2-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\rundll32.exe C:\Program Files\TOSHIBA\Utilities\VolControl.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\uTorrent\uTorrent.exe C:\Users\MASTER\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\MASTER\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MASTER\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe" O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\MASTER\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted IP range: http://192.168.1.1 O15 - ESC Trusted IP range: http://192.168.1.1 O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7292 bytes

hee kweezie wabbit, Thuis,eindelijk,dank voor je reactie ! Ben met je opdrachten meteen van start gegaan; Ik heb de 6 regels aangevinkt en verwijderd,daarna met malware gescand en ook daarmee de problemen verwijderd. dit is het log van malware: Malwarebytes Anti-Malware 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.02.03.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 MASTER :: PC_VAN_MASTER [administrator] 3-2-2012 16:31:05 mbam-log-2012-02-03 (16-31-05).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 165441 Verstreken tijd: 10 minuut/minuten, 37 seconde(n) Geheugenprocessen gedetecteerd: 1 C:\Users\MASTER\M-1-52-5782-8754-5245\winbit.exe (Trojan.Agent) -> 1620 -> Zal worden verwijderd tijdens het herstarten. Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows System (Trojan.Agent) -> Data: C:\Users\MASTER\M-1-52-5782-8754-5245\winbit.exe -> Succesvol in quarantaine geplaatst en verwijderd. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 1 C:\Users\MASTER\M-1-52-5782-8754-5245 (Trojan.Agent.Gen) -> Zal worden verwijderd tijdens het herstarten. Bestanden gedetecteerd: 1 C:\Users\MASTER\M-1-52-5782-8754-5245\winbit.exe (Trojan.Agent) -> Zal worden verwijderd tijdens het herstarten. (einde) Daarna heb ik gescand met hijack waarvan deze log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:00:28, on 3-2-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\rundll32.exe C:\Program Files\TOSHIBA\Utilities\VolControl.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/// R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe" O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\MASTER\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted IP range: http://192.168.1.1 O15 - ESC Trusted IP range: http://192.168.1.1 O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7121 bytes Ga nu Unhide downloaden en uitvoeren,bericht volgt. Op je vraag over IE 7 of 9 moet ik antwoorden dat ik deze beide niet gebruik,ik heb al enige tijd chrome als internet agent. Groetjes Jo Heb van Unhide de melding gehad dat files zichtbaar zijn.

Ik heb sinds een paar dagen op 2 laptops en 1 pc het probleem dat op alles wat ik via een usb poort met de pc's verbind,de mappen in snelkoppelingen veranderen,uiterst vervelend ! Op het forum heb ik meerdere van deze problemen voorbij zien komen,en ik heb reeds een hijackthis logje gemaakt van een laptop (je moet ergens beginnen nietwaar) Ik ben voor mijn werk door de week onderweg,en kan niet online checken wat jullie eventueel antwoord is,dit kan ik enkel in het weekend,ik hoop dat dit geen probleem is..... Hieronder volgt het logje. Ik hoop dat jullie me helpen kunnen ! tot vrijdag?zaterdag,Jo. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:27:55, on 29-1-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Utilities\VolControl.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\taskeng.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe C:\Users\MASTER\M-1-52-5782-8754-5245\winbit.exe C:\Windows\system32\conime.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Spyware Doctor\pctsGui.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\totalcmd\TOTALCMD.EXE C:\Users\MASTER\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MASTER\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\msiexec.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/// R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file) O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe" O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\MASTER\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Microsoft® Windows System] C:\Users\MASTER\M-1-52-5782-8754-5245\winbit.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - eBay, de wereldwijde online handelsplaats (file missing) O15 - Trusted IP range: http://192.168.1.1 O15 - ESC Trusted IP range: http://192.168.1.1 O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9651 bytes