jan lambrechts

Dit zijn de afbeeldingen: met vriendelijke groeten, jan lambrechts

Hallo, ik krijg geen meldingen meer. Het roxio-probleem blijft: als ik dubbelklik op een bestand geen probleem, als ik rechtsklik met de muis opent steeds weer een roxio installatiescherm en als ik dan annuleer krijg ik de normale opties: openen, openen met, enz... Aangezien ik het programma toch niet gebruik heb ik het proberen verwijderen, maar dan krijg ik ook een foutmelding. met vriendelijke groeten, jan lambrechts

Hallo, hier is het logje: Zoek.exe Version 4.0.0.4 Updated 17-July-2013 Tool run by Corilus on do 18/07/2013 at 11:45:51,14. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected ==== Batch Command(s) Run By Tool====================== 0 bestand(en) gekopieerd. 1 bestand(en) gekopieerd. ==== EOF on do 18/07/2013 at 11:46:12,17 ====================== mvg jan lambrechts

Hallo, dit is het logje: Zoek.exe Version 4.0.0.4 Updated 14-July-2013 Tool run by Corilus on wo 17/07/2013 at 12:09:59,23. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected ==== VirusTotal Scan ====================== c:\windows\system32\dllcache\winlogon.exe https://www.virustotal.com/file/139478AEFEB4381A58713B25DEE2A41E3F814331280AD6064FFC82F5BB021FF2/analysis/ c:\windows\system32\winlogon.exe https://www.virustotal.com/file/139478AEFEB4381A58713B25DEE2A41E3F814331280AD6064FFC82F5BB021FF2/analysis/ c:\windows\ServicePackFiles\i386\winlogon.exe https://www.virustotal.com/file/B4C2D4C5EDFD90970FFF3448586B1606F3A84E99281F72632E9D1F2107BB0611/analysis/ c:\windows\SoftwareDistributionold\Download\b4f5f4c053f3142fbf3ac885a934647c\backup\winlogon.exe https://www.virustotal.com/file/37AF2E3B6087FE4011B8E362B9284C5325ACBBE06FE38C5075B0E91D9FB360DE/analysis/ ==== EOF on wo 17/07/2013 at 12:10:13,95 ====================== Ik krijg nu geen bericht meer bij opstarten, maar bij het openen van mappen wel vaak volgend beeld: groeten, jan lambrechts

Hallo, ik krijg geen melding meer. Dit is het logje: ComboFix 13-07-09.01 - Corilus 15/07/2013 20:36:33.8.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2013.976 [GMT 2:00] Gestart vanuit: c:\documents and settings\Corilus\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Corilus\Bureaublad\CFScript.txt AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} . FILE :: "c:\documents and settings\Corilus\Menu Start\Programma's\Opstarten\msconfig.lnk" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxAPI.dll c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxInstallLog.txt c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspi.dll c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspiWDM.inf c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\gearaspiwdmx86.cat c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86\GEARAspiWDM.sys c:\documents and settings\Corilus\Application Data\skype.ini c:\windows\wininit.ini . . (((((((((((((((((((( Bestanden Gemaakt van 2013-06-15 to 2013-07-15 )))))))))))))))))))))))))))))) . . 2013-07-15 01:02 . 2013-07-15 01:06 -------- d-----w- c:\windows\system32\MRT 2013-06-26 06:35 . 2013-06-26 06:35 -------- d-----w- c:\program files\iPod 2013-06-26 06:35 . 2013-06-26 06:36 -------- d-----w- c:\program files\iTunes 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll 2013-06-26 06:29 . 2013-06-26 06:30 -------- d-----w- c:\program files\QuickTime 2013-06-24 12:52 . 2013-07-15 18:33 -------- d--h--r- c:\documents and settings\Corilus\Onlangs geopend 2013-06-20 17:57 . 2013-06-20 17:57 -------- d-----w- c:\program files\Monkey's Audio 2013-06-20 17:57 . 2013-01-19 22:55 429056 ----a-w- c:\windows\system32\MACDll.dll 2013-06-20 16:09 . 2013-06-20 16:10 -------- d-----w- c:\program files\Lossless Audio Converter 2013-06-20 13:11 . 2013-06-20 13:11 388096 ----a-r- c:\documents and settings\Corilus\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-06-20 13:11 . 2013-06-20 13:11 -------- d-----w- c:\program files\Trend Micro 2013-06-16 21:55 . 2013-06-16 21:55 -------- d-----w- c:\program files\Dropbox . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 15:48 . 2012-04-03 06:40 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 15:48 . 2011-06-08 06:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-08 01:23 . 2004-08-04 01:03 920064 ----a-w- c:\windows\system32\wininet.dll 2013-06-07 21:53 . 2004-08-04 01:03 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-06-07 21:53 . 2004-08-04 01:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-06-07 18:27 . 2004-08-04 00:55 385024 ----a-w- c:\windows\system32\html.iec 2013-06-05 09:08 . 2004-08-04 00:56 1876864 ----a-w- c:\windows\system32\win32k.sys 2013-06-04 07:22 . 2004-08-04 01:03 563200 ------w- c:\windows\system32\qedit.dll 2013-05-08 09:58 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll 2013-05-03 05:39 . 2004-08-04 00:58 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-03 05:39 . 2004-08-04 00:58 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-09-20 . 389A0A55CF2EDF75586C1CF8AFA920A3 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe [-] 2010-09-20 . 389A0A55CF2EDF75586C1CF8AFA920A3 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [7] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [7] 2004-08-04 . 732ED791711DF9C9DD15E5515BC681B8 . 504832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistributionold\Download\b4f5f4c053f3142fbf3ac885a934647c\backup\winlogon.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-07 39408] "DymoQuickPrint"="c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2009-10-29 1885944] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-01-05 439536] "RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Corilus\Menu Start\Programma's\Opstarten\ Dropbox.lnk - c:\documents and settings\Corilus\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Sidexis\\Sidexis.exe"= "c:\\Sidexis\\SiConst\\SIDEXIS.exe"= "c:\\Sidexis\\SiXABCon.exe"= "c:\\Sidexis\\SiRescue.exe"= "c:\\DBSWIN\\bin\\DBSWIN.exe"= "c:\\DBSWIN\\bin\\DBSLOG.EXE"= "\\??\\c:\\WINDOWS\\system32\\winlogon.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\Corilus\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [20/09/2010 11:27 153344] R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [20/09/2010 11:23 24064] R2 AXIS Camera Station;AXIS Camera Station;c:\program files\Axis Communications\AXIS Camera Station 3\ACSService.exe [11/09/2009 16:07 40960] R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [4/01/2013 14:06 106280] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/09/2012 15:46 12184] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [30/10/2012 18:51 418376] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15/10/2012 19:34 701512] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 4:09 50704] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [5/01/2011 21:00 163056] R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [5/01/2011 21:01 97520] R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [5/01/2011 21:04 1541360] R3 cleanhlp;cleanhlp;\??\c:\docume~1\CORILUS\LOCALS~1\TEMP\RAR$EXA0.507\RUN\cleanhlp32.sys --> c:\docume~1\CORILUS\LOCALS~1\TEMP\RAR$EXA0.507\RUN\cleanhlp32.sys [?] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15/10/2012 19:34 22856] R3 VistaRayScanner;VistaRay Scanner System Services;c:\windows\system32\drivers\VistaRayScanner-EPP.sys [3/09/2009 14:58 17606] S2 ProntoDataService;Pronto Data Server;c:\documents and settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe [11/10/2010 9:38 7680] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [25/04/2008 8:18 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [25/04/2008 8:16 309744] S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [25/04/2008 8:15 166384] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [25/04/2008 8:18 313840] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 8:15 1120752] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [20/09/2010 11:27 14976] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs yigfsrul . Inhoud van de 'Gedeelde Taken' map . 2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:48] . 2013-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:40] . 2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:40] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/webhp?sourceid=navclient&hl=nl&ie=UTF-8&rlz=1T4ADFA_nlBE348BE348 uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\documents and settings\Corilus\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\documents and settings\Corilus\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\PC Helpforum - Gratis hulp bij computer problemen TCP: Interfaces\{2362D3E9-DEC8-478E-B328-F15A54F133C3}: NameServer = 195.238.2.21,195.238.2.22 DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.15.15/activex/AMC.cab FF - ProfilePath - c:\documents and settings\Corilus\Application Data\Mozilla\Firefox\Profiles\3patyt1l.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2009-10-19 21:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS VERWIJDERD - - - - . SafeBoot-CleanHlp SafeBoot-CleanHlp.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-07-15 20:46 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,75,88,c2,44,fb,00,48,aa,30,33,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,75,88,c2,44,fb,00,48,aa,30,33,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(748) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . Voltooingstijd: 2013-07-15 20:49:36 ComboFix-quarantined-files.txt 2013-07-15 18:49 ComboFix2.txt 2013-07-11 07:16 ComboFix3.txt 2012-11-21 08:08 . Pre-Run: 101.646.356.480 bytes beschikbaar Post-Run: 101.893.423.104 bytes beschikbaar . - - End Of File - - 94F268ED9BDE8AFD2EB7C878579FAAC1 3051207086651214E435112E51817DC5 met vriendelijke groeten, jan lambrechts

Hallo, hier is het logje: ComboFix 13-07-09.01 - Corilus 11/07/2013 9:01.7.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2013.1071 [GMT 2:00] Gestart vanuit: c:\documents and settings\Corilus\Bureaublad\ComboFix.exe AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\0tbpw.pad c:\documents and settings\All Users\Application Data\7ewr.pad c:\documents and settings\All Users\Application Data\lvw1.pad c:\documents and settings\All Users\Application Data\z6ejmjof.pad . . (((((((((((((((((((( Bestanden Gemaakt van 2013-06-11 to 2013-07-11 )))))))))))))))))))))))))))))) . . 2013-06-26 06:35 . 2013-06-26 06:35 -------- d-----w- c:\program files\iPod 2013-06-26 06:35 . 2013-06-26 06:36 -------- d-----w- c:\program files\iTunes 2013-06-26 06:35 . 2013-06-26 06:36 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll 2013-06-26 06:30 . 2013-06-26 06:30 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll 2013-06-26 06:29 . 2013-06-26 06:30 -------- d-----w- c:\program files\QuickTime 2013-06-24 12:52 . 2013-07-10 18:22 -------- d--h--r- c:\documents and settings\Corilus\Onlangs geopend 2013-06-20 17:57 . 2013-06-20 17:57 -------- d-----w- c:\program files\Monkey's Audio 2013-06-20 17:57 . 2013-01-19 22:55 429056 ----a-w- c:\windows\system32\MACDll.dll 2013-06-20 16:09 . 2013-06-20 16:10 -------- d-----w- c:\program files\Lossless Audio Converter 2013-06-20 13:11 . 2013-06-20 13:11 388096 ----a-r- c:\documents and settings\Corilus\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-06-20 13:11 . 2013-06-20 13:11 -------- d-----w- c:\program files\Trend Micro 2013-06-16 21:55 . 2013-06-16 21:55 -------- d-----w- c:\program files\Dropbox . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 15:48 . 2012-04-03 06:40 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 15:48 . 2011-06-08 06:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-07 22:27 . 2004-08-04 01:03 920064 ----a-w- c:\windows\system32\wininet.dll 2013-05-07 22:27 . 2004-08-04 01:03 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-07 22:27 . 2004-08-04 01:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-07 21:53 . 2004-08-04 00:55 385024 ----a-w- c:\windows\system32\html.iec 2013-05-03 05:39 . 2004-08-04 00:58 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-03 05:39 . 2004-08-04 00:58 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts 2013-04-12 14:01 . 2004-08-04 00:56 1876480 ----a-w- c:\windows\system32\win32k.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-09-20 . 389A0A55CF2EDF75586C1CF8AFA920A3 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe [-] 2010-09-20 . 389A0A55CF2EDF75586C1CF8AFA920A3 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [7] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [7] 2004-08-04 . 732ED791711DF9C9DD15E5515BC681B8 . 504832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistributionold\Download\b4f5f4c053f3142fbf3ac885a934647c\backup\winlogon.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-07 39408] "DymoQuickPrint"="c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2009-10-29 1885944] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-01-05 439536] "RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Corilus\Menu Start\Programma's\Opstarten\ Dropbox.lnk - c:\documents and settings\Corilus\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] msconfig.lnk - c:\windows\system32\rundll32.exe c:\docume~1\ALLUSE~1\APPLIC~1\1wvl.dat,FG00 [2004-8-4 33792] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Sidexis\\Sidexis.exe"= "c:\\Sidexis\\SiConst\\SIDEXIS.exe"= "c:\\Sidexis\\SiXABCon.exe"= "c:\\Sidexis\\SiRescue.exe"= "c:\\DBSWIN\\bin\\DBSWIN.exe"= "c:\\DBSWIN\\bin\\DBSLOG.EXE"= "\\??\\c:\\WINDOWS\\system32\\winlogon.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\Corilus\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [20/09/2010 11:27 153344] R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [20/09/2010 11:23 24064] R2 AXIS Camera Station;AXIS Camera Station;c:\program files\Axis Communications\AXIS Camera Station 3\ACSService.exe [11/09/2009 16:07 40960] R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [4/01/2013 14:06 106280] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/09/2012 15:46 12184] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [30/10/2012 18:51 418376] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15/10/2012 19:34 701512] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 4:09 50704] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [5/01/2011 21:00 163056] R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [5/01/2011 21:01 97520] R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [5/01/2011 21:04 1541360] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15/10/2012 19:34 22856] R3 VistaRayScanner;VistaRay Scanner System Services;c:\windows\system32\drivers\VistaRayScanner-EPP.sys [3/09/2009 14:58 17606] S2 ProntoDataService;Pronto Data Server;c:\documents and settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe [11/10/2010 9:38 7680] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [25/04/2008 8:18 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [25/04/2008 8:16 309744] S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [25/04/2008 8:15 166384] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [25/04/2008 8:18 313840] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 8:15 1120752] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [20/09/2010 11:27 14976] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs yigfsrul . Inhoud van de 'Gedeelde Taken' map . 2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:48] . 2013-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:40] . 2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:40] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/webhp?sourceid=navclient&hl=nl&ie=UTF-8&rlz=1T4ADFA_nlBE348BE348 uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\documents and settings\Corilus\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\documents and settings\Corilus\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\PC Helpforum - Gratis hulp bij computer problemen TCP: Interfaces\{2362D3E9-DEC8-478E-B328-F15A54F133C3}: NameServer = 195.238.2.21,195.238.2.22 DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.15.15/activex/AMC.cab FF - ProfilePath - c:\documents and settings\Corilus\Application Data\Mozilla\Firefox\Profiles\3patyt1l.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2009-10-19 21:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS VERWIJDERD - - - - . SafeBoot-klmdb.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-07-11 09:10 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,75,88,c2,44,fb,00,48,aa,30,33,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,75,88,c2,44,fb,00,48,aa,30,33,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(748) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . Voltooingstijd: 2013-07-11 09:16:20 ComboFix-quarantined-files.txt 2013-07-11 07:16 ComboFix2.txt 2012-11-21 08:08 . Pre-Run: 92.513.538.048 bytes beschikbaar Post-Run: 93.467.885.568 bytes beschikbaar . - - End Of File - - DADA722C3E4458E76D87442D00D7895E 3051207086651214E435112E51817DC5 met vriendelijke groeten, jan lambrechts

hallo, de waarschuwing blijft aanwezig bij het opstarten. groeten, jan lambrechts

Hallo, sorry voor de late reactie. Hier is het logje # AdwCleaner v2.304 - Verslag gemaakt op 09/07/2013 om 18:48:00 # Geactualiseerd op 03/07/2013 door Xplode # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits) # Gebruiker : Corilus - KABINET1 # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Documents and Settings\Corilus\Bureaublad\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** Map Verwijderd : C:\Documents and Settings\Corilus\Application Data\dvdvideosoftiehelpers Map Verwijderd : C:\Program Files\Common Files\DVDVideoSoft\TB Map Verwijderd : C:\WINDOWS\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4} ***** [Register] ***** Sleutel Verwijderd : HKCU\Software\Conduit Sleutel Verwijderd : HKCU\Software\InstallCore Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Sleutel Verwijderd : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D Sleutel Verwijderd : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils Sleutel Verwijderd : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator Sleutel Verwijderd : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\sim-packages Sleutel Verwijderd : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook Sleutel Verwijderd : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2088433 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar3.sweetie Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7683B745-6060-41FD-AA75-0BBB383FEAD4} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{774C0434-9948-4DEE-A14E-69CDD316E36C} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{774C0434-9948-4DEE-A14E-69CDD316E36C} Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] Waarde Verwijderd : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}] ***** [browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v21.0 (nl) File : C:\Documents and Settings\Corilus\Application Data\Mozilla\Firefox\Profiles\3patyt1l.default\prefs.js Verwijderd : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Verwijderd : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110819&tt=010712_1&babsrc=NT_ss&mn[...] Verwijderd : user_pref("browser.search.order.1", "Search the web (Babylon)"); File : C:\Documents and Settings\anti-virus\Application Data\Mozilla\Firefox\Profiles\16fxaryn.default\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\unq3eyph.default\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. -\\ Google Chrome v [Onmogelijk de versie te verkrijgen] File : C:\Documents and Settings\Corilus\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences Verwijderd [l.29] : homepage = "hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={7E8063CD-EB5C-11E1-A80B-00016C44[...] Verwijderd [l.45] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={7E8063CD-E[...] File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[R1].txt - [15179 octets] - [09/07/2013 18:34:24] AdwCleaner[s1].txt - [15317 octets] - [09/07/2013 18:48:00] ########## EOF - C:\AdwCleaner[s1].txt - [15378 octets] ########## met vriendelijke groeten, jan lambrechts

Hallo, hier de logjes: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:56:53, on 26/06/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HitmanPro\hmpsched.exe C:\Program Files\HitmanPro\HitmanPro.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Documents and Settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Axis Communications\AXIS Camera Station 3\ACSService.exe C:\Program Files\Sophos\AutoUpdate\almon.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxpers.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Documents and Settings\Corilus\Application Data\Dropbox\bin\Dropbox.exe C:\WINDOWS\system32\OSK.exe C:\WINDOWS\system32\MSSWCHX.EXE C:\Baltes\bin\baltes.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\WINDOWS\System32\svchost.exe c:\sidexis\sidexis.exe C:\WINDOWS\system32\NOTEPAD.EXE c:\dbswin\bin\dbswin.exe c:\dbswin\bin\dbslog.exe C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Corilus\Application Data\Dropbox\bin\Dropbox.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Corilus\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Corilus\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344594364671 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346678952750 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.15.15/activex/AMC.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2362D3E9-DEC8-478E-B328-F15A54F133C3}: NameServer = 195.238.2.21,195.238.2.22 O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AXIS Camera Station - Axis Communications - C:\Program Files\Axis Communications\AXIS Camera Station 3\ACSService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Pronto Data Server (ProntoDataService) - Philips - C:\Documents and Settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- End of file - 11572 bytes Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.06.26.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Corilus :: KABINET1 [administrator] 26/06/2013 12:12:40 mbam-log-2013-06-26 (12-12-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 262440 Time elapsed: 24 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) met vriendelijke groeten, jan lambrechts

Hallo, ik krijg bij het opstarten een waarschuwing dat een bepaald bestand niet te vinden is. Alle programma's werken wel maar iets trager. Malwarebytes en sophos vinden niets. Dit is het logje van HijackThis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:31:59, on 26/06/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HitmanPro\hmpsched.exe C:\Program Files\HitmanPro\HitmanPro.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Documents and Settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Axis Communications\AXIS Camera Station 3\ACSService.exe C:\Program Files\Sophos\AutoUpdate\almon.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxpers.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Corilus\Local Settings\Temp\Aponarwor.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Corilus\Local Settings\Temp\Ferluebes.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Documents and Settings\Corilus\Application Data\Dropbox\bin\Dropbox.exe C:\WINDOWS\system32\OSK.exe C:\WINDOWS\system32\MSSWCHX.EXE C:\Baltes\bin\baltes.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe c:\sidexis\sidexis.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [cgminer] C:\Documents and Settings\Corilus\Local Settings\Temp\Aponarwor.exe O4 - HKCU\..\Run: [Vagnellos] C:\DOCUME~1\Corilus\LOCALS~1\Temp\dmp396590210240395063.tmp O4 - HKCU\..\Run: [hbindiner] C:\Documents and Settings\Corilus\Local Settings\Temp\Ferluebes.exe O4 - HKCU\..\Run: [ctfmon32.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\fojmje6z.dat,XFG00 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Corilus\Application Data\Dropbox\bin\Dropbox.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Corilus\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Corilus\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344594364671 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346678952750 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.15.15/activex/AMC.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2362D3E9-DEC8-478E-B328-F15A54F133C3}: NameServer = 195.238.2.21,195.238.2.22 O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AXIS Camera Station - Axis Communications - C:\Program Files\Axis Communications\AXIS Camera Station 3\ACSService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Pronto Data Server (ProntoDataService) - Philips - C:\Documents and Settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- End of file - 11910 bytes met vriendelijke groeten, jan lambrechts

De problemen zijn opgelost: de beveiligingsupdate is geslaagd na heristallatie NET.Framework 1.1 geen meldingen meer van emsisoft. Dankuwel voor de hulp!

1.1 1.1 Dutch Language Pack 2.0 Service Pack 2 2.0 Service Pack Language Pack-NLD 3.0 Service Pack 2 3.0 Service Pack Language Pack-NLD 3.5 SP1 met vriendelijke groeten jan lambrechts

hallo, hier het logbestand van emsisoft en sophos ****************** Sophos Anti-Virus Log - 23/11/2012 8:25:40 ************** 20121105 183207 User (KABINET1\Corilus) has stopped on-access scanning for this machine. 20121105 192554 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121105 192555 User (NT AUTHORITY\Lokale service) has stopped on-access scanning for this machine. 20121105 194854 User (KABINET1\Corilus) has started on-access scanning for this machine. 20121106 072935 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121106 072936 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121106 093802 User (KABINET1\Corilus) has stopped on-access scanning for this machine. 20121106 125425 User (KABINET1\Corilus) has started on-access scanning for this machine. 20121106 145344 User (KABINET1\Corilus) has stopped on-access scanning for this machine. 20121106 150513 User (KABINET1\Corilus) has started on-access scanning for this machine. 20121107 090732 User (KABINET1\Corilus) has stopped on-access scanning for this machine. 20121107 090918 User (KABINET1\Corilus) has started on-access scanning for this machine. 20121107 113028 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000159.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 113028 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000159.exe" for user KABINET1\Corilus 20121107 113029 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000169.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 113029 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000169.exe" for user KABINET1\Corilus 20121107 113033 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000215.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 113033 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000215.exe" for user KABINET1\Corilus 20121107 113034 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000248.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 113034 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000248.exe" for user KABINET1\Corilus 20121107 113037 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000287.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 113037 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000287.exe" for user KABINET1\Corilus 20121107 113038 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000323.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 113038 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000323.exe" for user KABINET1\Corilus 20121107 113042 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000363.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 113042 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000363.exe" for user KABINET1\Corilus 20121107 113045 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000414.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 113045 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000414.exe" for user KABINET1\Corilus 20121107 113045 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000422.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 113045 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000422.exe" for user KABINET1\Corilus 20121107 113051 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000499.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 113051 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000499.exe" for user KABINET1\Corilus 20121107 113052 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000507.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 113052 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000507.exe" for user KABINET1\Corilus 20121107 113953 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 113953 On-access scanner has denied access to location "C:\WINDOWS\NIRCMD.exe" for user KABINET1\Corilus 20121107 125911 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000215.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 125911 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000414.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 125911 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000422.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 125911 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000499.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 125911 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 125911 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000159.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 125911 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000248.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000507.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 125912 Scanning "C:\Documents and Settings\Corilus\Local Settings\Temp\20.tmp\z9.scf" returned SAV Interface error 0xa0040210: The file could not be accessed. 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000169.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000287.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000323.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000363.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000215.exe" has been cleaned up. 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000414.exe" has been cleaned up. 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000422.exe" has been cleaned up. 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000499.exe" has been cleaned up. 20121107 125912 File "C:\WINDOWS\NIRCMD.exe" has been cleaned up. 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000159.exe" has been cleaned up. 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000248.exe" has been cleaned up. 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000507.exe" has been cleaned up. 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000169.exe" has been cleaned up. 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000287.exe" has been cleaned up. 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000323.exe" has been cleaned up. 20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000363.exe" has been cleaned up. 20121107 125912 Adware or PUA 'NirCmd' has been removed. 20121107 145257 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121107 145257 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121107 150734 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121107 150734 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121107 184650 File "C:\32788R22FWJFW\iexplore.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184650 On-access scanner has denied access to location "C:\32788R22FWJFW\iexplore.exe" for user NT AUTHORITY\SYSTEM 20121107 184650 File "C:\32788R22FWJFW\firefox.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184650 On-access scanner has denied access to location "C:\32788R22FWJFW\firefox.exe" for user NT AUTHORITY\SYSTEM 20121107 184650 File "C:\32788R22FWJFW\firefox.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184650 On-access scanner has denied access to location "C:\32788R22FWJFW\firefox.exe" for user KABINET1\Corilus 20121107 184651 File "C:\32788R22FWJFW\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184651 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmd.3XE" for user NT AUTHORITY\SYSTEM 20121107 184656 File "C:\32788R22FWJFW\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184656 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmd.3XE" for user KABINET1\Corilus 20121107 184659 File "C:\32788R22FWJFW\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184659 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmd.3XE" for user KABINET1\Corilus 20121107 184700 File "C:\32788R22FWJFW\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184700 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmd.3XE" for user KABINET1\Corilus 20121107 184703 File "C:\32788R22FWJFW\firefox.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184703 On-access scanner has denied access to location "C:\32788R22FWJFW\firefox.exe" for user KABINET1\Corilus 20121107 184703 File "C:\32788R22FWJFW\iexplore.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184703 On-access scanner has denied access to location "C:\32788R22FWJFW\iexplore.exe" for user KABINET1\Corilus 20121107 184703 File "C:\32788R22FWJFW\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184703 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmd.3XE" for user KABINET1\Corilus 20121107 184703 File "C:\32788R22FWJFW\NirCmdC.3XE" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184703 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmdC.3XE" for user KABINET1\Corilus 20121107 184706 File "C:\32788R22FWJFW\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184706 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmd.3XE" for user KABINET1\Corilus 20121107 184708 File "C:\ComboFix\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5). 20121107 184708 On-access scanner has denied access to location "C:\ComboFix\NirCmd.3XE" for user NT AUTHORITY\SYSTEM 20121107 185030 User (KABINET1\Corilus) has stopped on-access scanning for this machine. 20121107 185150 Scanning "C:\32788R22FWJFW\NirCmdC.3XE" returned SAV Interface error 0xa0040210: The file could not be accessed. 20121107 185150 Scanning "C:\ComboFix\NirCmd.3XE" returned SAV Interface error 0xa0040210: The file could not be accessed. 20121107 185150 Scanning "C:\32788R22FWJFW\firefox.exe" returned SAV Interface error 0xa0040210: The file could not be accessed. 20121107 185150 Scanning "C:\32788R22FWJFW\iexplore.exe" returned SAV Interface error 0xa0040210: The file could not be accessed. 20121107 185150 Scanning "C:\32788R22FWJFW\NirCmd.3XE" returned SAV Interface error 0xa0040210: The file could not be accessed. 20121107 185150 Item 'NirCmd' could not be redetected. 20121107 185552 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121107 185552 User (NT AUTHORITY\Lokale service) has stopped on-access scanning for this machine. 20121107 190207 User (KABINET1\Corilus) has started on-access scanning for this machine. 20121108 072959 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121108 072959 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121109 073124 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121109 073124 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121109 074852 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121109 074853 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121113 072513 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121113 072514 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121114 074014 File "C:\ComboFix\NircmdB.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121114 074014 On-access scanner has denied access to location "C:\ComboFix\NircmdB.exe" for user KABINET1\Corilus 20121114 074015 File "C:\ComboFix\NircmdB.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121114 074015 On-access scanner has denied access to location "C:\ComboFix\NircmdB.exe" for user KABINET1\Corilus 20121114 083329 File "C:\ComboFix\NircmdB.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121114 083329 File "C:\ComboFix\NircmdB.exe" has been cleaned up. 20121114 083329 Adware or PUA 'NirCmd' has been removed. 20121114 093036 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP4\A0000468.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121114 093036 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP4\A0000468.exe" for user KABINET1\Corilus 20121114 093058 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP4\A0000468.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121114 093058 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP4\A0000468.exe" has been cleaned up. 20121114 093058 Adware or PUA 'NirCmd' has been removed. 20121114 132123 Scan 'Scan my computer' started. 20121114 140915 Scanning "C:\WINDOWS\Temp\fb_table_oh0o1q" returned SAV Interface error 0xa0040210: The file could not be accessed. 20121114 143251 Scan 'Scan my computer' completed. 20121114 143251 Summary of results for scan 'Scan my computer': Items scanned: 100159 Errors: 1 Items quarantined: 0 Items dealt with: 0 20121114 191313 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121114 191314 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121115 072944 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121115 072944 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121115 073517 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121115 073518 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121115 111612 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP5\A0000492.exe" has been identified as suspicious file of type 'Sus/Behav-1021'. If you are unsure whether the file can be authorized, please send a sample to Sophos. 20121115 111613 Suspicious file "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP5\A0000492.exe" has been moved to "C:\Program Files\medsecure\quarantaine\A0000492.exe.000". 20121116 022718 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121116 022718 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121116 111137 Scanning "E:\magazines\desktop.ini" returned SAV Interface error 0xa0040202: Scan failed. 20121119 072628 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121119 072628 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121119 185433 User (KABINET1\Corilus) has stopped on-access scanning for this machine. 20121119 192035 User (KABINET1\Corilus) has started on-access scanning for this machine. 20121120 072346 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121120 072346 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121120 074729 User (KABINET1\Corilus) has stopped on-access scanning for this machine. 20121120 083427 User (KABINET1\Corilus) has started on-access scanning for this machine. 20121120 084648 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121120 084649 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121120 100240 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000797.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121120 100240 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000797.exe" for user KABINET1\Corilus 20121120 100241 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000805.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121120 100241 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000805.exe" for user KABINET1\Corilus 20121120 100250 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000848.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121120 100250 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000848.exe" for user KABINET1\Corilus 20121120 100253 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000895.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121120 100253 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000895.exe" for user KABINET1\Corilus 20121120 100254 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000903.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121120 100254 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000903.exe" for user KABINET1\Corilus 20121120 101644 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121120 101644 On-access scanner has denied access to location "C:\WINDOWS\NIRCMD.exe" for user KABINET1\Corilus 20121120 102003 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000805.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121120 102003 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000848.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121120 102003 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000895.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121120 102003 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121120 102004 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000797.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121120 102004 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000903.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121120 102004 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000805.exe" has been cleaned up. 20121120 102004 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000848.exe" has been cleaned up. 20121120 102004 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000895.exe" has been cleaned up. 20121120 102004 File "C:\WINDOWS\NIRCMD.exe" has been cleaned up. 20121120 102004 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000797.exe" has been cleaned up. 20121120 102005 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000903.exe" has been cleaned up. 20121120 102005 Adware or PUA 'NirCmd' has been removed. 20121121 072835 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121121 072835 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121121 075703 User (KABINET1\Corilus) has stopped on-access scanning for this machine. 20121121 081242 User (KABINET1\Corilus) has started on-access scanning for this machine. 20121121 114247 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP14\A0000929.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121121 114247 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP14\A0000929.exe" for user KABINET1\Corilus 20121121 114303 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001018.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121121 114303 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001018.exe" for user KABINET1\Corilus 20121121 114303 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001026.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121121 114303 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001026.exe" for user KABINET1\Corilus 20121121 115546 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121121 115546 On-access scanner has denied access to location "C:\WINDOWS\NIRCMD.exe" for user KABINET1\Corilus 20121121 134331 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP14\A0000929.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121121 134331 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP14\A0000929.exe" for user KABINET1\Corilus 20121121 134344 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001018.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121121 134344 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001018.exe" for user KABINET1\Corilus 20121121 134344 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001026.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121121 134344 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001026.exe" for user KABINET1\Corilus 20121121 134526 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP14\A0000929.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121121 134526 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001018.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121121 134526 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001026.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121121 134526 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5). 20121121 134527 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP14\A0000929.exe" has been cleaned up. 20121121 134527 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001018.exe" has been cleaned up. 20121121 134527 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001026.exe" has been cleaned up. 20121121 134527 File "C:\WINDOWS\NIRCMD.exe" has been cleaned up. 20121121 134527 Adware or PUA 'NirCmd' has been removed. 20121122 073047 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121122 073047 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121122 151618 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121122 151618 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. 20121122 184033 File "C:\Documents and Settings\Corilus\wgsdgsdgdsgsd.exe" has been identified as suspicious file of type 'Sus/UnkPack-C'. If you are unsure whether the file can be authorized, please send a sample to Sophos. 20121122 184033 Suspicious file "C:\Documents and Settings\Corilus\wgsdgsdgdsgsd.exe" has been moved to "C:\Program Files\medsecure\quarantaine\wgsdgsdgdsgsd.exe.000". 20121123 072709 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items. 20121123 072709 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine. (213 items) Rapport van emsisoft: Emsisoft Emergency Kit - Versie 3.0 Laatste Update: 23/11/2012 9:29:02 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, F:\ Detecteer riskware: Uit Scan archieven: Aan ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 23/11/2012 11:59:40 Gescand 408646 Gevonden 0 Scan geëindigd: 23/11/2012 14:24:22 Scantijd: 2:24:42 Ik krijg wel een waarschuwing van microsoft over een beveiligingsupdate: KB2698023: Beveiligingsupdate voor Microsoft .NET Framework 1.1 SP1 op Windows XP, Windows Vista en Windows Server 2008 x86, die niet kan geïnstalleerd worden. jan lambrechts

Hallo, hier het logbestand ComboFix 12-11-20.02 - Corilus 21/11/2012 9:01.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2013.1169 [GMT 1:00] Gestart vanuit: c:\documents and settings\Corilus\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Corilus\Bureaublad\cfscript.txt AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} . FILE :: "c:\windows\System32\Drivers\kthdexzs.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\System32\Drivers\kthdexzs.sys . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))) . . 2012-11-16 02:32 . 2012-11-16 02:32 -------- d-----w- c:\documents and settings\Corilus\Local Settings\Application Data\PCHealth 2012-11-09 08:00 . 2012-11-09 08:00 -------- d-----w- c:\program files\iPod 2012-11-09 08:00 . 2012-11-09 08:01 -------- d-----w- c:\program files\iTunes 2012-11-09 08:00 . 2012-11-09 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-11-08 10:34 . 2012-11-21 07:45 -------- d--h--r- c:\documents and settings\Corilus\Onlangs geopend 2012-10-31 07:48 . 2012-10-31 07:48 -------- d-----w- C:\found.001 . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-24 16:07 . 2012-09-11 13:54 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-10-22 19:57 . 2004-08-04 00:56 1866496 ----a-w- c:\windows\system32\win32k.sys 2012-10-09 08:48 . 2012-04-03 06:40 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 08:48 . 2011-06-08 06:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-02 18:04 . 2004-08-04 01:03 58368 ------w- c:\windows\system32\synceng.dll 2012-09-29 18:54 . 2012-10-15 17:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-28 15:17 . 2004-08-04 01:03 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:17 . 2004-08-04 01:03 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:17 . 2004-08-04 01:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-04 00:55 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-04 01:03 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-09-05 09:38 . 2012-03-06 10:42 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-09-20 . 389A0A55CF2EDF75586C1CF8AFA920A3 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe [-] 2010-09-20 . 389A0A55CF2EDF75586C1CF8AFA920A3 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [7] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [7] 2004-08-04 . 732ED791711DF9C9DD15E5515BC681B8 . 504832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\b4f5f4c053f3142fbf3ac885a934647c\backup\winlogon.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-07 39408] "DymoQuickPrint"="c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2009-10-29 1885944] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-01-05 439536] "RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Corilus\Menu Start\Programma's\Opstarten\ Dropbox.lnk - c:\documents and settings\Corilus\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Sidexis\\Sidexis.exe"= "c:\\Sidexis\\SiConst\\SIDEXIS.exe"= "c:\\Sidexis\\SiXABCon.exe"= "c:\\Sidexis\\SiRescue.exe"= "c:\\DBSWIN\\bin\\DBSWIN.exe"= "c:\\DBSWIN\\bin\\DBSLOG.EXE"= "\\??\\c:\\WINDOWS\\system32\\winlogon.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\Corilus\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [20/09/2010 10:27 153344] R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [20/09/2010 10:23 24064] R2 AXIS Camera Station;AXIS Camera Station;c:\program files\Axis Communications\AXIS Camera Station 3\ACSService.exe [11/09/2009 15:07 40960] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/09/2012 14:46 12184] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [30/10/2012 17:51 399432] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 3:09 50704] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [5/01/2011 20:00 163056] R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [5/01/2011 20:01 97520] R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [5/01/2011 20:04 1541360] R3 VistaRayScanner;VistaRay Scanner System Services;c:\windows\system32\drivers\VistaRayScanner-EPP.sys [3/09/2009 13:58 17606] S2 ProntoDataService;Pronto Data Server;c:\documents and settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe [23/07/2009 14:41 20480] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [25/04/2008 7:18 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [25/04/2008 7:16 309744] S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [25/04/2008 7:15 166384] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [25/04/2008 7:18 313840] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 7:15 1120752] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [20/09/2010 10:27 14976] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs yigfsrul . Inhoud van de 'Gedeelde Taken' map . 2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:48] . 2012-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:40] . 2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:40] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/webhp?sourceid=navclient&hl=nl&ie=UTF-8&rlz=1T4ADFA_nlBE348BE348 uInternet Settings,ProxyOverride = *.local Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\www.update TCP: Interfaces\{2362D3E9-DEC8-478E-B328-F15A54F133C3}: NameServer = 195.238.2.21,195.238.2.22 FF - ProfilePath - c:\documents and settings\Corilus\Application Data\Mozilla\Firefox\Profiles\3patyt1l.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2009-10-19 21:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-11-21 09:07 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,75,88,c2,44,fb,00,48,aa,30,33,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,75,88,c2,44,fb,00,48,aa,30,33,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(744) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . Voltooingstijd: 2012-11-21 09:08:59 ComboFix-quarantined-files.txt 2012-11-21 08:08 ComboFix2.txt 2012-11-20 08:14 ComboFix3.txt 2012-11-19 19:07 ComboFix4.txt 2012-11-06 15:03 . Pre-Run: 85.552.689.152 bytes beschikbaar Post-Run: 85.820.456.960 bytes beschikbaar . - - End Of File - - ADB8969D54EB20D67A386F6DB9060950 groeten jan lambrechts

Hallo, dit is het logbestand Emsisoft Emergency Kit - Versie 3.0 Laatste Update: 20/11/2012 19:29:15 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, F:\ Detecteer riskware: Uit Scan archieven: Aan ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 20/11/2012 19:32:44 C:\WINDOWS\System32\Drivers\kthdexzs.sys Ontdekt: Gen:Variant.Buzy.3548 ( Gescand 415 Gevonden 1 Scan geëindigd: 20/11/2012 19:33:29 Scantijd: 0:00:45 In quarantaine 0 jan lambrechts