
Everything posted by honk
-
Hello, my sister clicked on a link on MSN that had a virus hidden in it. At first none of the signs of a virus showed up, but only now do I see that it is a serious virus, because the PC is slowing down, MSN no longer works, the internet is slow, and there is a message that keeps appearing: "Warning! Security report Your computer is infected! It is recommended to start spyware cleaner tool." I have already scanned the computer a few times, but I only found a few viruses and the virus is still not gone. Could you please help me? (As quickly as possible please, because I think this one is harmful and my dad's files, which are very important for his work, are on this PC.) Kind regards, honk
-
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Combating malware & viruses
Thank you! Now, to finish up, I am going to scan my computer 2 more times with antivirus and Anti Malware. Kind regards, honk -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Combating malware & viruses
System Restore -> "Turn off System Restore on all drives": I can't find this one in Vista... -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Combating malware & viruses
and if everything is OK and I no longer notice anything of the virus, then I will scan my computer fully once more with my antivirus and after that once more with Malwarebytes' -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Combating malware & viruses
so far I haven't noticed anything at all =) if it should ever come up again after all, I will let you know right away... Kind regards, honk, and thank you VERY much -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Combating malware & viruses
-
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Combating malware & viruses
--------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'Explorer.exe'(1564) c:\program files\BullGuard Ltd\BullGuard\antispam\PluginHook.dll c:\program files\BullGuard Ltd\BullGuard\res\nl\PluginHookRes.dll . Voltooingstijd: 2009-02-02 22:30:13 ComboFix-quarantined-files.txt 2009-02-02 21:30:10 ComboFix2.txt 2009-02-01 12:37:45 ComboFix3.txt 2009-01-31 22:50:21 Pre-Run: 10.135.810.048 bytes beschikbaar Post-Run: 10,003,296,256 bytes beschikbaar 222 --- E O F --- 2008-07-16 13:03:04 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:32:26, on 2/02/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\pp1.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Windows\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe D:\documenten 
hendrik\Programma's\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [Adobe Reader Speed 
Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [pp] c:\windows\pp1.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: aveosti.exe.lnk = ? O4 - Global Startup: Bluetooth Manager.lnk = ? 
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldnl-be.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 7556 bytes -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Malware & virus removal
But the tab still keeps appearing... should I download what the tab says, or not? Regards, honk -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Malware & virus removal
My virus protection was still switched off because of that one program I had to use... -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Malware & virus removal
Malwarebytes' Anti-Malware 1.33 Database versie: 1712 Windows 6.0.6000 2/02/2009 19:10:33 mbam-log-2009-02-02 (19-10-33).txt Scan type: Volledige Scan (C:\|D:\|) Objecten gescand: 116325 Verstreken tijd: 48 minute(s), 54 second(s) Geheugenprocessen geïnfecteerd: 1 Geheugenmodulen geïnfecteerd: 4 Registersleutels geïnfecteerd: 32 Registerwaarden geïnfecteerd: 2 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 3 Bestanden geïnfecteerd: 17 Geheugenprocessen geïnfecteerd: C:\Program Files\Search Spider\searchspidersvc.exe (Adware.SearchSpider) -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: C:\Program Files\Search Spider\SearchSpider.dll (Adware.SearchSpider) -> Delete on reboot. C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-1.dll (Adware.PlayMP3Z-biz) -> Delete on reboot. C:\Program Files\BrowsingAdvisor\pcre3.dll (Adware.PlayMP3Z-biz) -> Delete on reboot. C:\Windows\System32\winel77.dll (Trojan.Agent) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\searchspidersvc (Adware.SearchSpider) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\searchspidersvc (Adware.SearchSpider) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{35bf6598-2014-4835-b5fd-0ee1af30a470} (Adware.SearchSpider) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6bee60e-6bbb-4a3a-b0e3-107d203d5b78} (Adware.SearchSpider) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fb24fc1b-ca66-4e63-9130-4b3893fe1681} (Adware.SearchSpider) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c28d210b-755b-461f-8141-fd381889d451} (Adware.SearchSpider) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c28d210b-755b-461f-8141-fd381889d451} (Adware.SearchSpider) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c28d210b-755b-461f-8141-fd381889d451} (Adware.SearchSpider) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ca5b0823-5d3e-4333-b27a-e35e361e2179} (Adware.SearchSpider) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\browsingadvisor.****pro_bho (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{3239a0ea-4203-7bf5-cd1d-fdb0169b2778} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{02110cf9-3753-c2c5-b1a9-21599c9bfe9e} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2f392e48-ca02-684d-a10a-48cc0d456dc2} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{85c33570-fc4b-4bea-70b5-f7c9b9cd5e6f} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{06075f5d-ef05-16d5-5687-249a7c80eb26} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{5b225ecb-2ed9-991d-713c-461009a60f29} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f1e96edc-e0c8-be98-1f15-c29dbed83b53} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f1e96edc-e0c8-be98-1f15-c29dbed83b53} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1e96edc-e0c8-be98-1f15-c29dbed83b53} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\browsingadvisor.****pro_bho.1 (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\searchspider.spiderbho (Adware.SearchSpider) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\searchspider.spiderbho.1 (Adware.SearchSpider) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browsingadvisor (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a00cad9c-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a00cad9c-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a00cad9c-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a00cad9d-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a00cad9d-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a00cad9d-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a00cad9c-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a00cad9c-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: C:\Program Files\BrowsingAdvisor (Adware.PlayMP3Z-biz) -> Delete on reboot. 
C:\Program Files\Search Spider (Adware.SearchSpider) -> Delete on reboot. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Program Files\Search Spider\searchspidersvc.exe (Adware.SearchSpider) -> Quarantined and deleted successfully. C:\Program Files\Search Spider\SearchSpider.dll (Adware.SearchSpider) -> Delete on reboot. C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-1.dll (Adware.PlayMP3Z-biz) -> Delete on reboot. C:\Program Files\Search Spider\SpiderUpdate.exe (Adware.SearchSpider) -> Quarantined and deleted successfully. C:\Users\hendrik\AppData\Local\Temp\tem1637.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Users\hendrik\AppData\Local\Temp\tem23D4.tmp.exe (Adware.BrowsingEnhancer) -> Quarantined and deleted successfully. C:\Users\hendrik\AppData\Local\Temp\tem3395.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Users\hendrik\AppData\Local\Temp\tem4BD1.tmp.exe (Adware.SearchSpider) -> Quarantined and deleted successfully. C:\Program Files\BrowsingAdvisor\pcre3.dll (Adware.PlayMP3Z-biz) -> Delete on reboot. C:\Program Files\BrowsingAdvisor\uninstall.exe (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully. C:\Program Files\Search Spider\dbghelp.dll (Adware.SearchSpider) -> Quarantined and deleted successfully. C:\Program Files\Search Spider\DownloadGnutella.exe (Adware.SearchSpider) -> Quarantined and deleted successfully. C:\Program Files\Search Spider\SearchSpider.url (Adware.SearchSpider) -> Quarantined and deleted successfully. C:\Program Files\Search Spider\unins000.dat (Adware.SearchSpider) -> Quarantined and deleted successfully. C:\Program Files\Search Spider\unins000.exe (Adware.SearchSpider) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully. 
C:\Windows\System32\winel77.dll (Trojan.Agent) -> Delete on reboot. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:30:50, on 2/02/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\System Control Manager\MGSysCtrl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\pp1.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe D:\documenten hendrik\Programma's\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSI -- MICRO-STAR INT'L CO.,LTD. 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SearchIt99 - {A155F976-57CE-485C-8526-2F477BD7B175} - C:\Users\Public\Documents\SearchIt99\SearchIt99.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: SearchIt99 - {A155F976-57CE-485C-8526-2F477BD7B175} - C:\Users\Public\Documents\SearchIt99\SearchIt99.dll O3 - Toolbar: (no name) - {A00CAD9C-B39E-46EB-8675-F0760D70F4AC} - (no file) O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - 
HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [pp] c:\windows\pp1.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: aveosti.exe.lnk = ? O4 - Global Startup: Bluetooth Manager.lnk = ? 
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldnl-be.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 8049 bytes -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Malware & virus removal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SearchIt99 - {A155F976-57CE-485C-8526-2F477BD7B175} - C:\Users\Public\Documents\SearchIt99\SearchIt99.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: SearchIt99 - {A155F976-57CE-485C-8526-2F477BD7B175} - C:\Users\Public\Documents\SearchIt99\SearchIt99.dll O3 - Toolbar: (no name) - {A00CAD9C-B39E-46EB-8675-F0760D70F4AC} - (no file) O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - 
HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [pp] c:\windows\pp1.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: aveosti.exe.lnk = ? O4 - Global Startup: Bluetooth Manager.lnk = ? 
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldnl-be.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 8049 bytes -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Fighting malware & viruses
BTW: I just ran a full scan with Malwarebytes' and it found 59 infected files. So those have now all been removed and resolved, and over the coming days I will let you know whether this still occurs. Regards, Honk -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Fighting malware & viruses
-
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Fighting malware & viruses
Could I please still get an answer, because this window that keeps appearing is really annoying. -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Fighting malware & viruses
I have taken photos of everything that appears, but I don't know how to upload them here... that way you would have some more information about what is happening. -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Fighting malware & viruses
I DID THIS ONE AGAIN... -
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Fighting malware & viruses
-
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Malware & virus removal
No, it just popped up again. HELP IS REALLY NEEDED, because this is annoying.
-
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Malware & virus removal
I think it has disappeared =) Thanks VERY much already, Kape. I will tell you tomorrow whether it has popped up again. Regards, honk
-
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Malware & virus removal
Yes, it still pops up every few minutes, but I do seem to notice a difference. I will let you know tomorrow, Kape. Thanks VERY much already!! Regards, honk
-
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Malware & virus removal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:09, on 31/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\pp1.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\documenten hendrik\Programma's\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSI -- MICRO-STAR INT'L CO.,LTD.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AveoKeySti] "C:\Program Files\\AVEO\AVEO_UVC_FILTER_DRIVER_KIT\AveoSTI.exe"
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [beidsystemtray] D:\documenten hendrik\Programma's\beidsystemtray.exe
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pp] c:\windows\pp1.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: aveosti.exe.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldnl-be.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

-- End of file - 8423 bytes
-
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Malware & virus removal
Malwarebytes' Anti-Malware 1.33
Database versie: 1712
Windows 6.0.6000

31/01/2009 19:33:05
mbam-log-2009-01-31 (19-33-05).txt

Scan type: Snelle Scan
Objecten gescand: 50095
Verstreken tijd: 2 minute(s), 42 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
-
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Malware & virus removal
It doesn't find anything malicious. What now?
-
[SOLVED] online computer scan
honk replied to honk's topic in Archive: Malware & virus removal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:12, on 31/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\pp1.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Mixxx\mixxx.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
D:\documenten hendrik\Programma's\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSI -- MICRO-STAR INT'L CO.,LTD.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AveoKeySti] "C:\Program Files\\AVEO\AVEO_UVC_FILTER_DRIVER_KIT\AveoSTI.exe"
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [beidsystemtray] D:\documenten hendrik\Programma's\beidsystemtray.exe
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\PROGRA~2\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [pp] c:\windows\pp1.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: aveosti.exe.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldnl-be.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

-- End of file - 8957 bytes
-
Hello,

For a few days now a new tab keeps appearing in IE that says my computer is full of trojans and viruses. I don't know how to deal with this. It really appears all the time... This is the link [/url]??????????? I don't know what you will get to see, but I have already copied everything:

System Tasks View system information Add or remove programs Change a settings Other Places My Network Places My Documents Shared Documents Control Panel Details My Computer System Folder System scan progress 7 trojans Shared Documents 103 trojans My Documents Hard drives 362 trojans Local Disk (C:) 155 trojans Local Disk (D:) DVD DVD-RAM Drive (E:) 100% Scan complete. 527 threats was found! Your Computer is Infected! Threats and actions: Name Risk level Date Files infected State Email-Worm.Win32.Net Critical 11.18.2008 35 Waiting removal Email-Worm.Win32.Myd Critical 11.18.2008 35 Waiting removal Trojan-Downloader.Win Critical 11.18.2008 35 Waiting removal Description: This program is potentially dangerous for your system. Trojan-Downloader stealing passwords, credit cards and other personal information from your computer. Advice: You need to remove this threat as soon as possible! Full system cleanup

How can I remove this? When I click on the screen that appears, something comes up to download, namely some kind of antivirus scanner... but when I scan with my virus scanner it never finds anything. Please help me.

Regards, honk
