Everything posted by Have0

  1. Dear Kape, thank you again for your time and help. I downloaded ComboFix only via link 1. I was unable to put it on the desktop. ComboFix did run, though. See the log files below.
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [smart File Advisor] "C:\Program Files\Smart File Advisor\sfa.exe" /checkassoc O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - 
HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Compaq Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe -- End of file - 7040 bytes - - - Updated - - - Dear Kape, I am only a layman, but I happened to notice the entry below: O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe I no longer have a Brother printer. Should I remove this one as well? Thanks
  2. Dear Kape or colleagues, loading web pages is very slow. Could you help me once more? The log files are below. Thank you, and happy holidays and a good, healthy 2013 in advance. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:08:39, on 20-12-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG2013\avgrsx.exe C:\Program Files\AVG\AVG2013\avgcsrvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe C:\Program Files\AVG\AVG2013\avgidsagent.exe C:\Program Files\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe C:\Program Files\AVG\AVG2013\avgnsx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Pure Networks\Network Magic\nmapp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\AVG\AVG2013\avgui.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHBE.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: CrossriderApp0004479 - {11111111-1111-1111-1111-110011441179} - C:\Program Files\Giant Savings\Giant Savings.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll O3 - Toolbar: (no name) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - (no file) O3 
- Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [smart File Advisor] "C:\Program Files\Smart File Advisor\sfa.exe" /checkassoc O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON SX440 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHBE.EXE /FU "C:\DOCUME~1\FAM~1.HAV\LOCALS~1\Temp\E_S73.tmp" /EF "HKCU" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'Default user') O8 - Extra context menu item: E&xporteren 
naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Compaq Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe -- End of file - 8452 bytes Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free anti-malware download Databaseversie: v2012.12.20.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Fam. 
Haverkamp :: FAM-8CE7DC89595 [administrator] 20-12-2012 17:47:02 mbam-log-2012-12-20 (17-47-02).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 246472 Verstreken tijd: 38 minuut/minuten, 8 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)
  3. Dear reader, I bought a Samsung DVD player. Their site says that a firmware update is available. Support for DVD-E360 I then have to download a bin file and transfer it to my DVD player. I don't know what else this changes on my DVD player, but I can't get it to work. The DVD player does not see this file on a USB stick, nor on a DVD. I don't know how to transfer it. The DVD player is not connected to a network or the internet. Who can help me? Thanks!
  4. I have a laptop running Windows 7. It reported "Kernel_data_inpage_error". I switched the laptop off and restarted it in safe mode. I wanted to watch a video, but the sound did not work. Then I switched it off again; now the laptop "hangs somewhere"? I don't know whether this is the right section, but I no longer know what to do. I would appreciate your help. Thanks in advance.
  5. My laptop uses Windows 7. My desktop PC, which is connected to the printer via a USB cable, runs Windows XP.
  6. I bought a printer that I want to connect to the router wirelessly, so that I can also print from my laptop. I have lost my record of the router's code. Can I still find it on my desktop PC, which is also connected to this router, and under which settings can I find it? Thanks in advance
  7. Good evening, I have a question. I have both a desktop PC and a laptop. The desktop PC is connected via a cable, which gives me my connection. The laptop is not. I am wondering whether I will get a higher speed on my laptop when browsing and downloading a program over a cable than wirelessly? Or, if I swap this, will I get connection problems with my laptop and my PC because I unplug the internet cable and plug it back in? Or do I then still need to change something in the software? The laptop runs Windows 7 and the PC Windows XP. Or do you not expect much gain in internet speed on my laptop if I connect it with an internet cable? Thanks in advance for your response.
  8. Sorry Kape, I had indeed forgotten the space. Now it worked. Everything is wonderfully fast again. Super, thanks!!!!
  9. Dear Kape, I found Qoobox on the C drive but cannot delete it. It says that I must provide administrator rights to delete it. How do I log in as administrator on Windows 7 again? A search for Combofix/Uninstall reports that no files were found. I am familiar with CCleaner; I already have it and use it. Can I also remove ComboFix via CCleaner, or will it then not remove everything, or will not everything go well that way?
  10. ComboFix 12-07-29.01 - Have0 29-07-2012 13:12:13.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.4095.2818 [GMT 2:00] Gestart vanuit: c:\users\Have0\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Have0\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))) . . 2012-07-29 11:22 . 2012-07-29 11:22 -------- dc----w- c:\users\Default\AppData\Local\temp 2012-07-28 15:48 . 2012-07-28 15:48 770384 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-07-28 15:48 . 2012-07-28 15:48 421200 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-07-14 18:18 . 2012-07-14 18:18 -------- dc----w- c:\program files (x86)\Common Files\Java 2012-07-14 18:17 . 2012-07-14 18:15 772592 -c--a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-07-11 21:16 . 2012-07-11 21:16 -------- dc----w- c:\users\Have0\AppData\Roaming\Apple Computer 2012-07-11 21:06 . 2012-07-11 21:06 -------- dc----w- c:\program files (x86)\Common Files\Adobe 2012-07-11 21:01 . 2012-07-11 21:01 -------- dc----w- c:\programdata\Apple Computer 2012-07-11 20:55 . 2012-07-11 20:54 268720 -c--a-w- c:\windows\system32\javaws.exe 2012-07-11 20:55 . 2012-07-11 20:54 955840 -c--a-w- c:\windows\system32\npDeployJava1.dll 2012-07-11 20:55 . 2012-07-11 20:54 839096 -c--a-w- c:\windows\system32\deployJava1.dll 2012-07-11 20:54 . 2012-07-11 20:54 189360 -c--a-w- c:\windows\system32\javaw.exe 2012-07-11 20:54 . 2012-07-11 20:54 188840 -c--a-w- c:\windows\system32\java.exe 2012-07-11 20:53 . 2012-07-11 20:53 -------- dc----w- c:\program files\Java 2012-07-11 19:11 . 
2012-07-11 19:11 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 19:04 . 2012-07-11 19:04 -------- dc----w- c:\windows\system32\SPReview 2012-07-11 18:55 . 2012-07-11 19:03 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-07-11 18:55 . 2012-07-11 19:03 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-07-11 18:55 . 2012-07-11 19:03 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-07-11 18:55 . 2012-07-11 19:03 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-07-11 18:55 . 2012-07-11 19:03 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-07-11 18:55 . 2012-07-11 19:03 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-07-11 18:54 . 2012-07-11 19:00 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 18:54 . 2012-07-11 19:00 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 18:54 . 2012-07-11 19:10 14165504 ----a-w- c:\windows\system32\shell32.dll 2012-07-06 18:44 . 2012-07-06 18:44 -------- dc----w- c:\users\Have0\AppData\Roaming\dvdcss 2012-07-06 18:37 . 2012-07-06 18:37 -------- dc----w- c:\users\Have0\AppData\Local\AVG Secure Search 2012-07-05 20:49 . 2012-07-06 18:46 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-07-05 20:49 . 2012-07-06 18:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-07-05 20:49 . 2012-07-06 18:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-07-05 20:49 . 2012-07-06 18:48 12405760 ----a-w- c:\windows\system32\ieframe.dll 2012-07-05 20:47 . 2012-07-06 18:46 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-07-05 20:47 . 2012-07-06 18:46 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-07-05 20:47 . 2012-07-06 18:46 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-07-05 20:39 . 2012-07-06 18:45 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-05 19:45 . 2012-07-05 19:47 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-07-05 19:45 . 
2012-07-05 19:47 44056 ----a-w- c:\windows\system32\wups2.dll 2012-07-05 19:45 . 2012-07-05 19:47 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-07-05 19:45 . 2012-07-05 19:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-07-05 19:44 . 2012-07-05 21:09 38424 ----a-w- c:\windows\system32\wups.dll 2012-07-05 19:44 . 2012-07-05 21:09 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-07-05 19:43 . 2012-07-05 21:09 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-07-05 19:42 . 2012-07-05 19:48 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-07-05 19:42 . 2012-07-05 19:48 186752 ----a-w- c:\windows\system32\wuwebv.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-14 18:15 . 2010-08-31 13:50 687600 -c--a-w- c:\windows\SysWow64\deployJava1.dll 2012-07-11 19:05 . 2010-03-18 20:10 59701280 -c--a-w- c:\windows\system32\MRT.exe 2012-07-03 11:46 . 2010-02-26 20:25 24904 -c--a-w- c:\windows\system32\drivers\mbam.sys 2012-05-10 16:55 . 2012-05-10 15:12 1837568 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-10 16:55 . 2012-05-10 15:12 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-05-10 16:55 . 2012-05-10 15:12 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-05-10 16:55 . 2012-05-10 15:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-10 16:55 . 2012-05-10 15:12 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-10 16:55 . 2012-05-10 15:12 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-10 16:55 . 2012-05-10 15:12 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-05-10 16:55 . 2012-05-10 15:12 1541120 ----a-w- c:\windows\system32\DWrite.dll 2012-05-10 16:55 . 2012-05-10 15:12 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-05-10 16:55 . 2012-05-10 15:12 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-05-10 15:21 . 2012-05-10 15:15 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-10 15:17 . 
2012-05-10 15:15 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-28_17.30.18 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2012-07-29 10:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-07-28 15:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-07-28 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-07-29 10:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-07-29 10:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-07-28 15:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 05:10 . 2012-07-29 10:50 48326 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-02-24 19:15 . 2012-07-29 10:50 18724 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2578091034-2730396283-2997144666-1001_UserData.bin - 2010-02-24 19:15 . 2012-07-28 17:05 18724 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2578091034-2730396283-2997144666-1001_UserData.bin - 2010-02-25 10:49 . 2012-07-28 17:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-02-25 10:49 . 2012-07-29 10:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-02-25 10:49 . 2012-07-29 10:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-02-25 10:49 . 
2012-07-28 17:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-28 17:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-29 10:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-02-24 19:26 . 2012-07-28 17:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-02-24 19:26 . 2012-07-29 10:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-02-24 19:26 . 2012-07-28 17:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-02-24 19:26 . 2012-07-29 10:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-07-28 18:34 . 2012-07-28 18:34 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\ecc5750e8d62675bf59eb202eeeeacbe\PresentationFontCache.ni.exe + 2012-07-28 18:11 . 2012-07-28 18:11 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\dd71ed714dc374e3d85824c17795e706\Microsoft.WSMan.Runtime.ni.dll + 2012-07-28 17:33 . 2012-07-28 17:33 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\b8dac004fdabbb2dc12830dcd22fed29\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll + 2012-07-28 17:56 . 2012-07-28 17:56 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\6b86a80d8cb8fb51252e0cd8fe697f9f\Microsoft.Windows.Diagnosis.SDEngine.ni.dll + 2012-07-28 17:33 . 2012-07-28 17:33 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4eaff8355f942bb1a95300aeb2882602\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll + 2012-07-28 17:33 . 
2012-07-28 17:33 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\3453bb2216048726659887ecaf5cce4a\Microsoft.Windows.Diagnosis.SDHost.ni.dll + 2012-07-28 17:33 . 2012-07-28 17:33 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\12abdc966e63bcb3077c71c6483762c3\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll - 2012-07-28 17:02 . 2012-07-28 17:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-29 10:48 . 2012-07-29 10:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-28 17:02 . 2012-07-28 17:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-29 10:48 . 2012-07-29 10:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-02-25 20:01 . 2012-07-28 21:41 270502 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 05:01 . 2012-07-28 17:01 417372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-28 21:53 417372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2012-07-28 17:27 . 2012-07-28 17:27 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\993018172a83c2431adeb6a309aa27cf\System.ServiceProcess.ni.dll + 2012-07-28 19:02 . 2012-07-28 19:02 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\993018172a83c2431adeb6a309aa27cf\System.ServiceProcess.ni.dll - 2012-07-28 17:27 . 2012-07-28 17:27 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\984398a06970ec18178ddf072de6167e\System.Messaging.ni.dll + 2012-07-28 19:02 . 2012-07-28 19:02 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\984398a06970ec18178ddf072de6167e\System.Messaging.ni.dll + 2012-07-28 18:43 . 
  11. Dear Kape, see below for the logs. Thanks again in advance!
(x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-09 140800] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1] @="{fe25455d-b4c2-4e32-97d2-92632ec1c224}" [HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}] 2009-11-25 10:47 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2] @="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}" [HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}] 2009-11-25 10:47 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . 
------- Bijkomende Scan ------- . uStart Page = hxxp://www.telegraaf.nl/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll FF - ProfilePath - c:\users\Have0\AppData\Roaming\Mozilla\Firefox\Profiles\7uw19joy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2720081&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.telegraaf.nl/ FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=nl_NL&apn_uid=EFE42556-CAC6-4406-BAC4-E79B64C0EED9&apn_ptnrs=PV&apn_sauid=F9CA48AB-1895-4337-A2F0-30FF27131FD4&apn_dtid=YYYYYYYYNL&q= . . ------- Bestandsassociaties ------- . JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %* . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-07-28 19:37:24 ComboFix-quarantined-files.txt 2012-07-28 17:37 . Pre-Run: 42.264.412.160 bytes beschikbaar Post-Run: 41.929.539.584 bytes beschikbaar . - - End Of File - - 387B36F7B86D18AD679E322979AC808C ComboFix 12-07-27.03 - Have0 28-07-2012 19:46:42.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.4095.2706 [GMT 2:00] Gestart vanuit: c:\users\Have0\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . 
(((((((((((((((((((( Bestanden Gemaakt van 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))) . . 2012-07-28 17:55 . 2012-07-28 17:55 -------- dc----w- c:\users\Default\AppData\Local\temp 2012-07-28 15:48 . 2012-07-28 15:48 770384 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-07-28 15:48 . 2012-07-28 15:48 421200 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-07-14 18:18 . 2012-07-14 18:18 -------- dc----w- c:\program files (x86)\Common Files\Java 2012-07-14 18:17 . 2012-07-14 18:15 772592 -c--a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-07-11 21:16 . 2012-07-11 21:16 -------- dc----w- c:\users\Have0\AppData\Roaming\Apple Computer 2012-07-11 21:06 . 2012-07-11 21:06 -------- dc----w- c:\program files (x86)\Common Files\Adobe 2012-07-11 21:01 . 2012-07-11 21:01 -------- dc----w- c:\programdata\Apple Computer 2012-07-11 20:55 . 2012-07-11 20:54 268720 -c--a-w- c:\windows\system32\javaws.exe 2012-07-11 20:55 . 2012-07-11 20:54 955840 -c--a-w- c:\windows\system32\npDeployJava1.dll 2012-07-11 20:55 . 2012-07-11 20:54 839096 -c--a-w- c:\windows\system32\deployJava1.dll 2012-07-11 20:54 . 2012-07-11 20:54 189360 -c--a-w- c:\windows\system32\javaw.exe 2012-07-11 20:54 . 2012-07-11 20:54 188840 -c--a-w- c:\windows\system32\java.exe 2012-07-11 20:53 . 2012-07-11 20:53 -------- dc----w- c:\program files\Java 2012-07-11 19:11 . 2012-07-11 19:11 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 19:04 . 2012-07-11 19:04 -------- dc----w- c:\windows\system32\SPReview 2012-07-11 18:55 . 2012-07-11 19:03 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-07-11 18:55 . 2012-07-11 19:03 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-07-11 18:55 . 2012-07-11 19:03 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-07-11 18:55 . 2012-07-11 19:03 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-07-11 18:55 . 2012-07-11 19:03 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-07-11 18:55 . 
2012-07-11 19:03 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-07-11 18:54 . 2012-07-11 19:00 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 18:54 . 2012-07-11 19:00 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 18:54 . 2012-07-11 19:10 14165504 ----a-w- c:\windows\system32\shell32.dll 2012-07-06 18:44 . 2012-07-06 18:44 -------- dc----w- c:\users\Have0\AppData\Roaming\dvdcss 2012-07-06 18:37 . 2012-07-06 18:37 -------- dc----w- c:\users\Have0\AppData\Local\AVG Secure Search 2012-07-05 20:49 . 2012-07-06 18:46 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-07-05 20:49 . 2012-07-06 18:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-07-05 20:49 . 2012-07-06 18:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-07-05 20:49 . 2012-07-06 18:48 12405760 ----a-w- c:\windows\system32\ieframe.dll 2012-07-05 20:47 . 2012-07-06 18:46 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-07-05 20:47 . 2012-07-06 18:46 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-07-05 20:47 . 2012-07-06 18:46 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-07-05 20:39 . 2012-07-06 18:45 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-05 19:45 . 2012-07-05 19:47 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-07-05 19:45 . 2012-07-05 19:47 44056 ----a-w- c:\windows\system32\wups2.dll 2012-07-05 19:45 . 2012-07-05 19:47 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-07-05 19:45 . 2012-07-05 19:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-07-05 19:44 . 2012-07-05 21:09 38424 ----a-w- c:\windows\system32\wups.dll 2012-07-05 19:44 . 2012-07-05 21:09 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-07-05 19:43 . 2012-07-05 21:09 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-07-05 19:42 . 2012-07-05 19:48 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-07-05 19:42 . 2012-07-05 19:48 186752 ----a-w- c:\windows\system32\wuwebv.dll . 
. . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-14 18:15 . 2010-08-31 13:50 687600 -c--a-w- c:\windows\SysWow64\deployJava1.dll 2012-07-11 19:05 . 2010-03-18 20:10 59701280 -c--a-w- c:\windows\system32\MRT.exe 2012-07-03 11:46 . 2010-02-26 20:25 24904 -c--a-w- c:\windows\system32\drivers\mbam.sys 2012-05-10 16:55 . 2012-05-10 15:12 1837568 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-10 16:55 . 2012-05-10 15:12 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-05-10 16:55 . 2012-05-10 15:12 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-05-10 16:55 . 2012-05-10 15:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-10 16:55 . 2012-05-10 15:12 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-10 16:55 . 2012-05-10 15:12 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-10 16:55 . 2012-05-10 15:12 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-05-10 16:55 . 2012-05-10 15:12 1541120 ----a-w- c:\windows\system32\DWrite.dll 2012-05-10 16:55 . 2012-05-10 15:12 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-05-10 16:55 . 2012-05-10 15:12 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-05-10 15:21 . 2012-05-10 15:15 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-10 15:17 . 2012-05-10 15:15 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-28_17.30.18 ))))))))))))))))))))))))))))))))))))))))) . + 2012-07-28 17:33 . 2012-07-28 17:33 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\b8dac004fdabbb2dc12830dcd22fed29\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll + 2012-07-28 17:33 . 2012-07-28 17:33 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4eaff8355f942bb1a95300aeb2882602\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll + 2012-07-28 17:33 . 
2012-07-28 17:33 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\3453bb2216048726659887ecaf5cce4a\Microsoft.Windows.Diagnosis.SDHost.ni.dll + 2012-07-28 17:33 . 2012-07-28 17:33 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\12abdc966e63bcb3077c71c6483762c3\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll + 2012-07-28 17:55 . 2012-07-28 17:55 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\35b994e63fbc2836f32326e9f5862a1b\System.Web.Services.ni.dll - 2012-07-28 17:28 . 2012-07-28 17:28 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\35b994e63fbc2836f32326e9f5862a1b\System.Web.Services.ni.dll + 2012-07-28 17:53 . 2012-07-28 17:53 2318336 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\6ea40f2da0e2321428a7bdd387e475fd\System.Drawing.ni.dll - 2012-07-28 17:29 . 2012-07-28 17:29 2318336 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\6ea40f2da0e2321428a7bdd387e475fd\System.Drawing.ni.dll + 2012-07-28 17:54 . 2012-07-28 17:54 17436160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\bc00906567c317f4c0cf1863b00f5b2c\System.Windows.Forms.ni.dll - 2012-07-28 16:21 . 2012-07-28 16:21 17436160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\bc00906567c317f4c0cf1863b00f5b2c\System.Windows.Forms.ni.dll + 2012-07-28 17:55 . 2012-07-28 17:55 15252992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\f6514b690596d60ca9f4fa64e14a8355\System.Web.ni.dll - 2012-07-28 17:28 . 2012-07-28 17:28 15252992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\f6514b690596d60ca9f4fa64e14a8355\System.Web.ni.dll + 2012-07-28 17:53 . 2012-07-28 17:53 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\dfb7152260d641e49ec1ecf0f2df0f37\System.Design.ni.dll - 2012-07-28 17:29 . 
2012-07-28 17:29 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\dfb7152260d641e49ec1ecf0f2df0f37\System.Design.ni.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-09 18:30 2074208 -c--a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552] "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] 
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568] R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-04-22 984392] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808] S1 vwififlt;Virtual WiFi Filter 
Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264] S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-09 140800] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1] @="{fe25455d-b4c2-4e32-97d2-92632ec1c224}" [HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}] 2009-11-25 10:47 444752 ----a-w- c:\windows\System32\mscoree.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2] @="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}" [HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}] 2009-11-25 10:47 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.telegraaf.nl/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll FF - ProfilePath - c:\users\Have0\AppData\Roaming\Mozilla\Firefox\Profiles\7uw19joy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2720081&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.telegraaf.nl/ FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=nl_NL&apn_uid=EFE42556-CAC6-4406-BAC4-E79B64C0EED9&apn_ptnrs=PV&apn_sauid=F9CA48AB-1895-4337-A2F0-30FF27131FD4&apn_dtid=YYYYYYYYNL&q= . . ------- Bestandsassociaties ------- . JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %* . - - - - ORPHANS VERWIJDERD - - - - . 
Toolbar-Locked - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-07-28 20:01:32 ComboFix-quarantined-files.txt 2012-07-28 18:01 ComboFix2.txt 2012-07-28 17:37 . Pre-Run: 41.933.680.640 bytes beschikbaar Post-Run: 41.787.936.768 bytes beschikbaar . - - End Of File - - D6A230AA123969E39BCF375D166EB39E
  12. Dear Kape, this week you helped me very well with the problem of startup speed and the loading of web pages on my desktop computer running Windows XP. I also have a laptop. I would like to hear your advice on whether I should improve or remove anything. Or should I download ComboFix? Would you check whether you see anything unusual on my laptop? Many thanks in advance. Malwarebytes Anti-Malware 1.62.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2012.07.28.05 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Have0 :: HAVE0-PC [administrator] 28-7-2012 17:35:10 mbam-log-2012-07-28 (17-35-10).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 189622 Verstreken tijd: 4 minuut/minuten, 25 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:46:55, on 28-7-2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.17006) Boot mode: Normal Running processes: C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Ask Toolbar BHO - 
{D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: 
[QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - 
Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 
(sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10309 bytes Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)
  13. Dear Kape, you have once again helped me superbly! Switching between programs, e.g. from the internet to Word and back, was very slow. Now everything works well again. Startup is, I think, slightly faster. But above all, loading web pages goes well. Thank you again for your professional help! I would like to call on you soon about my laptop with Windows 7, which has a similar problem. I use CCleaner very regularly, yet it turns out it does not empty that cache. Kind regards
  14. Dear Kape, see below the new ComboFix log file. In the previous scan I saw that ComboFix removed c:\windows\system32\Cache. Does that mean I can do this myself as well, i.e. make sure this folder stays completely empty, or is that too risky? Or can I do this, including deleting the folder itself?
  15. Dear Kape, thanks again in advance! If all went well, you will find all the logs below?
- - End Of File - - 915A6C7E5061EEEA3B7EE45C054B1FC1 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:03:39, on 25-7-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Pure Networks\Network Magic\nmapp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKUS\S-1-5-18\..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. 
- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Compaq Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe -- End of file - 7031 bytes ComboFix 12-07-26.03 - Fam. Haverkamp 25-07-2012 15:31:39.6.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2039.1612 [GMT 2:00] Gestart vanuit: c:\documents and settings\Fam. Haverkamp\Bureaublad\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\windows\system32\Cache c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\2c53092c95605355.fb c:\windows\system32\Cache\2d60e242cdada3ed.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\7f1c7ac6fad423a3.fb c:\windows\system32\Cache\a8556537add6dfc5.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\f998975c9cc711ee.fb . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))) . . 2012-07-19 15:38 . 2012-07-20 15:57 -------- dc-h--r- c:\documents and settings\Fam. Haverkamp\Onlangs geopend 2012-07-09 20:13 . 2012-07-10 14:51 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-10 14:50 . 2011-12-23 14:36 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-03 11:46 . 2010-02-17 19:07 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 13:55 . 2008-04-15 12:00 1866240 -c--a-w- c:\windows\system32\win32k.sys 2012-06-05 15:49 . 2008-04-15 12:00 1372672 -c--a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:49 . 2008-04-15 12:00 1172480 -c--a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32 . 2008-04-15 12:00 152576 -c--a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 
2009-08-06 18:24 18456 -c--a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2010-02-16 21:31 329240 -c--a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2010-02-16 21:31 210968 -c--a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2010-02-16 21:31 219160 -c--a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2010-02-16 21:31 53784 -c--a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2010-02-16 21:31 35864 -c--a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2008-04-15 12:00 97304 -c--a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2009-08-06 18:24 15896 -c--a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2010-02-16 21:31 577048 -c--a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2009-08-06 18:23 15896 -c--a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2010-02-16 21:31 1933848 -c--a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:19 . 2009-08-06 18:23 24088 -c--a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2010-04-06 15:03 18160 -c--a-w- c:\windows\system32\mucltui.dll.mui 2012-06-02 13:18 . 2010-04-06 15:03 275696 -c--a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18 . 2010-04-06 15:03 214256 -c--a-w- c:\windows\system32\muweb.dll 2012-05-31 13:22 . 2008-04-15 12:00 602624 -c--a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:09 . 2008-04-15 12:00 916992 -c--a-w- c:\windows\system32\wininet.dll 2012-05-11 14:44 . 2008-04-15 12:00 43520 -c----w- c:\windows\system32\licmgr10.dll 2012-05-11 14:44 . 2008-04-15 12:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:39 . 2008-04-15 12:00 385024 -c----w- c:\windows\system32\html.iec 2012-05-05 03:15 . 2008-04-15 12:00 2196992 -c--a-w- c:\windows\system32\ntoskrnl.exe 2012-05-05 03:15 . 2008-04-14 22:11 2073472 -c--a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:47 . 
2010-02-16 21:29 139656 -c--a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-19 07:51 . 2012-02-15 19:37 136672 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-09 11:27 2074208 -c--a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ChkAdmin"="c:\progra~1\Compaq\COMPAQ~1\CHKADMIN.EXE" [2002-08-13 81920] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216] "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-05-11 441120] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Statusvenster.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Statusvenster.lnk backup=c:\windows\pss\Statusvenster.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-02 09:07 843712 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-03-27 12:41 37296 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2008-04-15 12:00 110592 -c--a-w- c:\windows\system32\bthprops.cpl . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0] 2005-05-17 16:42 933888 -c----w- c:\program files\Brother\ControlCenter2\brctrcen.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-15 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt] 2005-01-26 16:02 49152 -c----w- c:\program files\Brother\Brmfl05a\BrStDvPt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "vToolbarUpdater"=2 (0x2) "AdvancedSystemCareService5"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Documents and Settings\\Fam. Haverkamp\\Mijn documenten\\Downloads\\solutoinstaller-j7SRa5z2T4.exe"= "c:\\Documents and Settings\\Fam. Haverkamp\\Mijn documenten\\Downloads\\SweetImSetup.exe"= "c:\\Documents and Settings\\Fam. Haverkamp\\Mijn documenten\\Downloads\\solutoinstaller-Xc32NqTd17.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= "c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 7:30 31952] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-10-2011 7:23 235216] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 2:14 301248] R1 ClntMgmt;Compaq Client Management Driver;c:\windows\system32\drivers\Clntmgmt.sys [17-2-2010 11:56 54272] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288] R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [19-8-2011 20:40 140848] R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [9-7-2012 13:27 935008] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6-7-2010 17:55 47360] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4-7-2012 17:25 5160568] S2 cpqWebDmi;Compaq DMI Web Agent;c:\progra~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe [17-2-2010 11:56 24576] S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?] S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\h:\everest ultimate edition 4.60 build 1500\kerneld.wnt --> h:\everest ultimate edition 4.60 build 1500\kerneld.wnt [?] S4 Rdpnderc;Rdpnderc; [x] . Inhoud van de 'Gedeelde Taken' map . 2012-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.telegraaf.nl/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll FF - ProfilePath - c:\documents and settings\Fam. Haverkamp\Application Data\Mozilla\Firefox\Profiles\75il4gpn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.telegraaf.nl/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3aa737b0-c8e0-4c34-ad61-bd131811e389%7D&mid=8d3536da729947d19828d14530c7a829-9c2290a46ad6c4ede1408ed1f440323a3c14343f&ds=AVG&v=11.0.0.9〈=nl&pr=fr&d=2012-06-09%2020%3A34%3A18&sap=ku&q= . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-07-25 15:41 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\h:\everest ultimate edition 4.60 build 1500\kerneld.wnt" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,e8,b9,cb,c6,54,bd,4d,8f,86,35,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,e8,b9,cb,c6,54,bd,4d,8f,86,35,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Voltooingstijd: 2012-07-25 15:45:56 ComboFix-quarantined-files.txt 2012-07-25 13:45 . Pre-Run: 11.743.723.520 bytes beschikbaar Post-Run: 11.780.153.344 bytes beschikbaar . - - End Of File - - 8A6E45B3C0D626E04AE7B8700BF1CADA
  16. Dear all, perhaps someone, Kape for example, could look over my log files? After a while, loading web pages and starting up becomes quite slow again. Many thanks in advance!
  17. Dear Kape, THANK YOU SO MUCH for your help!!!!! The problem is solved.
  18. Dear Kape, it seems to be solved, but I will start it up once more when I am at the neighbour's. I will reply later and let you know whether it is definitively solved. In any case, thank you very much for your help. I will reply once more later.
  19. Dear Kape, at the bottom it says Computer\HKEY_Current_User\Software\Microsoft\WindowsNT\Current\Version\Windows. I assume this is the folder. When I right-click on this folder I see: Permissions; Group or user names; Everyone; Permissions for Everyone; Full Control; Allow; Deny; Read; Special Permissions V (= box ticked). I do not know exactly what I should do now, thanks in advance.
  20. Dear Kape, I ran the search and I now see the following: Name, Type, Data: Load, Reg_SZ, C:Users\Jaap\Locals-1/temp\mshfpci.com. I cannot open this folder, but perhaps that is not the intention either?
  21. Dear Kape, I have got that far. I filled in the search function via the registry.
  22. Sorry, I think this is the right file now. It does not ask to restart? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:10:30, on 30-4-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\helppane.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Jaap\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN7EMXF\HijackThis (1).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = F3 - REG:win.ini: load=C:\Users\Jaap\LOCALS~1\Temp\mshfpci.com O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] 
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray O4 - HKCU\..\Run: [Wyypigawin] C:\Users\Jaap\AppData\Roaming\Ceox\qacoi.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: eLock Service (eLockService) - Acer Inc. 
- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- End of file - 7699 bytes
  23. Dear Kape, see the log files below; I worked in safe mode on the neighbour's laptop. Do you still see anything strange, or can I now start his laptop in the normal way, and will the problem be solved? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:50:55, on 30-4-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe C:\Program Files\Java\jre6\bin\java.exe C:\Users\Jaap\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBN7EMXF\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) F3 - REG:win.ini: load=C:\Users\Jaap\LOCALS~1\Temp\mshfpci.com O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program
Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] 
"C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray O4 - HKCU\..\Run: [Wyypigawin] C:\Users\Jaap\AppData\Roaming\Ceox\qacoi.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - 
Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- End of file - 8060 bytes Malwarebytes Anti-Malware 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.04.30.07 Windows Vista Service Pack 2 x86 NTFS (Veilige modus/netwerkmogelijkheden) Internet Explorer 9.0.8112.16421 Jaap :: PC_VAN_JAAP [administrator] 30-4-2012 20:12:44 mbam-log-2012-04-30 (20-12-44).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 183196 Verstreken tijd: 4 minuut/minuten, 47 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)
  24. Thank you for your help. I tried a few things via a USB stick, and below you will find the log file. Hopefully I did it correctly? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:35:11, on 30-4-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\helppane.exe E:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) F3 - REG:win.ini: load=C:\Users\Jaap\LOCALS~1\Temp\mshfpci.com O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' 
Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Empowering Technology Launcher.lnk = ? 
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} (ORDcmViewCD Control) - file:///D:/viewer/ORDcmViewCD.ocx O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- End of file - 7932 bytes
  25. Dear reader, there is a virus on my neighbour's laptop. When he starts the laptop, you see a screen asking for a payment. How can I get around this for him? Even when I do not start the internet, you see this screen. I heard something about starting in safe mode with F2? But what should I do after I have pressed F2? He has no anti-malware on his laptop. I thought I would copy it onto a stick of my own, but that does not work either. Who knows what I can best do with his laptop now? Thanks in advance.