Everything posted by marky marc

  1. Hijack report. It looks reasonable. Do you still see any errors?
  2. OK. Thanks, kape. Removed the previous Java, did not remove the updates. Installed Java JRE 6 update 20. And now I should be able to surf with more peace of mind. I have already run McAfee a few times and had it remove several "generic" items. Greetings.
  3. Hello, after a few weeks I have picked up Antimalware Doctor again. I removed it with Malwarebytes, but would you check my HiJack log to see whether some things still need to be removed? I removed a few items that start up with the system using CCleaner; only the one marked in red in my log has not been removed yet. Thanks in advance.
  4. It worked the way kwezzie rabbit asked me to do it. Now I can get to my System Properties again. Opened System Properties and cleared the "Turn off System Restore" checkbox. Restarted the PC and everything is OK.
  5. Then I will have to contact Dell after all, because they do not supply a CD with drivers.
  6. Same error message: C:\windows\system32\rundll32.exe cannot be found. But at the moment I no longer have any trouble on my PC. Wouldn't it be better to consider the topic solved? Or is this error message too important?
  7. Click Start, choose All Programs, choose Accessories, choose System Tools, choose System Restore (it stops here, no other option): System Restore is turned off, do you want to turn it on, yes or no. If you press No, nothing happens; if you press Yes, you get the rundll error.
  8. I cannot get to the System Properties dialog. I get an error message when I click System in Control Panel (namely, rundll.exe cannot be found). Is there another way to get to System Restore?
  9. System Restore was turned off; if I understand correctly, I do not have to do anything now.
  10. Did everything up to the following step: Performance and Maintenance cannot be found in my Control Panel.
  11. It has not looked as good as it does now for a long time. :-) I still have some doubt about whether I am completely rid of it, but for now I have no indications that there are still hidden problems. Now and then I hear something suspicious while surfing. 20654nm.exe, which always used to cause problems, I now only find in the form of c:\windows\prefetch\20654NM2.EXE-26940E88.pf. May I delete this manually? What should I do with ComboFix?
  12. Report from the combo in safe mode, in case it is of any use to you.
- - - - ORPHANS VERWIJDERD - - - - SafeBoot-mfehidk SafeBoot-mferkdk SafeBoot-mfetdik SafeBoot-mfetdik.sys ************************************************************************** scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(224) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . Voltooingstijd: 2010-05-14 17:44:46 ComboFix-quarantined-files.txt 2010-05-14 15:44 ComboFix2.txt 2010-05-11 12:08 ComboFix3.txt 2010-05-08 16:50 Pre-Run: 14.595.047.424 bytes beschikbaar Post-Run: 14.673.805.312 bytes beschikbaar - - End Of File - - 366E3C7882DF3293823508917D355F97
  13. Chose to go back to an earlier restore point, a point before I downloaded VIPRE. Which will probably also mean that my Generic is back as well. Combo:
ComboFix 10-05-07.07 - Marc 14/05/2010 20:13:50.14.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.546 [GMT 2:00] Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . (((((((((((((((((((( Bestanden Gemaakt van 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))) . 2010-05-14 18:04 . 2010-05-14 18:04 -------- d-----w- c:\windows\system32\wbem\Repository 2010-05-14 17:38 . 2010-05-14 18:00 -------- d-----w- C:\ComboFix(2) 2010-05-12 13:23 . 2010-05-12 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt 2010-05-12 13:23 . 2010-05-12 13:23 -------- d-----w- c:\documents and settings\Marc\Application Data\Sunbelt 2010-05-12 13:21 . 2010-05-12 13:21 -------- d-----w- c:\program files\Sunbelt Software 2010-05-01 09:01 . 2010-05-01 09:01 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2010-05-01 08:37 . 2010-05-01 08:37 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2010-05-01 08:37 . 2010-05-01 08:37 -------- d-----r- c:\documents and settings\NetworkService\Favorieten 2010-04-30 09:48 . 2010-04-30 09:48 388096 ----a-r- c:\documents and settings\Marc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-04-30 09:48 . 2010-04-30 09:48 -------- d-----w- c:\program files\Trend Micro 2010-04-30 09:44 . 2010-04-30 09:45 182656 ----a-w- c:\windows\system32\dllcache\ndis.sys 2010-04-27 14:19 . 2010-04-27 14:19 -------- d-----w- c:\documents and settings\Marc\Application Data\Malwarebytes 2010-04-27 14:18 . 
2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-27 14:18 . 2010-04-27 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-27 14:18 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-27 14:18 . 2010-04-30 10:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-26 16:17 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-04-26 16:17 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys 2010-04-26 16:16 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-04-26 16:16 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys 2010-04-26 16:15 . 2010-04-26 16:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-14 18:04 . 2009-11-24 10:29 -------- d-----w- c:\program files\Everest Poker 2010-05-12 16:48 . 2008-10-22 17:04 -------- d-----w- c:\program files\USD 2010-05-12 15:41 . 2008-04-21 13:32 -------- d-----w- c:\documents and settings\Marc\Application Data\OpenOffice.org2 2010-05-12 13:26 . 2010-05-01 08:34 112 ----a-w- c:\documents and settings\All Users\Application Data\6pq0BV.dat 2010-05-10 11:24 . 2008-04-21 13:35 1 ----a-w- c:\documents and settings\Marc\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2010-05-05 18:15 . 2010-05-05 18:14 -------- d-----w- c:\program files\QuickTime 2010-05-03 14:17 . 2010-01-08 09:45 -------- d-----w- c:\program files\iTunes 2010-05-01 10:52 . 2005-12-15 01:52 -------- d-----w- c:\program files\Common Files\Sonic Shared 2010-05-01 09:57 . 2005-12-15 01:52 -------- d-----w- c:\program files\Sonic 2010-04-30 10:55 . 
2010-04-30 10:55 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-04-30 09:45 . 2004-09-14 08:38 182656 ----a-w- c:\windows\system32\drivers\ndis.sys 2010-04-28 18:13 . 2007-03-21 14:42 -------- d-----w- c:\program files\McAfee 2010-04-11 15:47 . 2009-11-28 17:35 -------- d-----w- c:\program files\PokerStars 2010-04-09 14:44 . 2010-04-08 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-04-08 12:15 . 2010-04-08 12:15 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe 2010-03-28 11:40 . 2004-09-14 08:38 70312 ----a-w- c:\windows\system32\perfc013.dat 2010-03-28 11:40 . 2004-09-14 08:38 443522 ----a-w- c:\windows\system32\perfh013.dat 2010-03-10 06:17 . 2004-09-14 08:38 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:20 . 2004-09-14 08:38 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2005-12-15 01:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-19 16:49 . 2009-03-30 16:31 288096 ----a-r- c:\documents and settings\Marc\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll 2010-02-16 19:09 . 2004-09-14 08:38 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:09 . 2004-08-04 00:58 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe 2006-11-08 15:01 . 2006-11-08 15:01 774144 ----a-w- c:\program files\RngInterstitial.dll . ((((((((((((((((((((((((((((( SnapShot@2010-05-08_16.48.40 ))))))))))))))))))))))))))))))))))))))))) . + 2005-12-20 16:23 . 2010-05-14 18:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat - 2005-12-20 16:23 . 2010-05-08 15:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat + 2010-05-14 18:12 . 2010-05-14 18:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2010-05-14 17:59 . 
2010-05-14 18:06 1661564 c:\windows\system32\Restore\rstrlog.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-25 809488] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-11-07 15:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\LEXPPS.EXE"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/12/2008 13:14 10384] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [13/12/2008 14:04 210216] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 17:26 135664] S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29/08/2006 0:54 10664] . 
Inhoud van de 'Gedeelde Taken' map 2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:26] 2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:26] 2009-08-14 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-03-21 10:22] 2009-11-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-03-21 10:22] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nieuwsblad.be/index.html uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe Trusted Zone: dexia.be\directnet Trusted Zone: internet Trusted Zone: mcafee.com . ************************************************************************** scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: ************************************************************************** . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(636) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(1116) c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2010-05-14 20:21:21 ComboFix-quarantined-files.txt 2010-05-14 18:21 ComboFix2.txt 2010-05-14 17:44 ComboFix3.txt 2010-05-14 17:21 ComboFix4.txt 2010-05-14 15:44 ComboFix5.txt 2010-05-14 18:11 Pre-Run: 13.432.614.912 bytes beschikbaar Post-Run: 13.395.664.896 bytes beschikbaar - - End Of File - - DB007C659E59F3EED856D3E28647C11A
  14. kape, I was able to run ComboFix, but for now I can't post it because I can't work outside safe mode. I can't get VIPRE removed or turned off in safe mode.
  15. At the moment I can't get ComboFix to run. After startup the PC no longer responds (very slow). Could this be because VIPRE and McAfee are working against each other? I already had McAfee run a scan in safe mode (1 error), but without improvement. I am now scanning with VIPRE in safe mode. Is it possible to run ComboFix in safe mode?
  16. I ran a scan with the recommended virus scanner. 9 threats were cleaned up, but I see that windows\task\AT1.job is back on my PC. It seems that when one is removed, the other gets reactivated.
  17. The VirusTotal scan result could not be copied completely. If desired, I can print it and scan it in. Result: 24/41 (58.54%); 24 scanners found something.

Antivirus             Versie          Laatst geüpdatet  Resultaat
a-squared             4.5.0.50        2010.05.10        Trojan.Win32.Powp!IK
AhnLab-V3             2010.05.12.01   2010.05.12        -
AntiVir               8.2.1.236       2010.05.12        TR/Dldr.Agent.dnrt
Antiy-AVL             2.0.3.7         2010.05.12        Trojan/Win32.Powp.gen
Authentium            5.2.0.5         2010.05.12        -
Avast                 4.8.1351.0      2010.05.12        Win32:Trojan-gen
Avast5                5.0.332.0       2010.05.12        Win32:Trojan-gen
AVG                   9.0.0.787       2010.05.12        Dropper.Generic2.EWF
BitDefender           7.2             2010.05.12        Trojan.Generic.3828220
CAT-QuickHeal         10.00           2010.05.12        Trojan.Powp.agj
ClamAV                0.96.0.3-git    2010.05.12        -
Comodo                4827            2010.05.12        -
DrWeb                 5.0.2.03300     2010.05.12        -
eSafe                 7.0.17.0        2010.05.11        -
eTrust-Vet            35.2.7483       2010.05.12        -
F-Prot                4.5.1.85        2010.05.12        -
F-Secure              9.0.15370.0     2010.05.12        Trojan.Generic.3828220
Fortinet              4.1.133.0       2010.05.12        -
GData                 21              2010.05.12        Trojan.Generic.3828220
Ikarus                T3.1.1.84.0     2010.05.12        Trojan.Win32.Powp
Jiangmin              13.0.900        2010.05.12        Trojan/Powp.i
Kaspersky             7.0.0.125       2010.05.12        -
McAfee                5.400.0.1158    2010.05.12        -
McAfee-GW-Edition     2010.1          2010.05.12        Heuristic.LooksLike.Trojan.Dldr.Agent.E
Microsoft             1.5703          2010.05.12        VirTool:Win32/CeeInject.gen!J
NOD32                 5107            2010.05.12        Win32/TrojanDownloader.Unruy.BN
Norman                6.04.12         2010.05.12        W32/Malware.MIZM
nProtect              2010-05-12.01   2010.05.12        Trojan.Generic.3828220
Panda                 10.0.2.7        2010.05.11        -
PCTools               7.0.3.5         2010.05.12        -
Prevx                 3.0             2010.05.12        High Risk Fraudulent Security Program
Rising                22.47.02.04     2010.05.12        -
Sophos                4.53.0          2010.05.12        Sus/UnkPack-C
Sunbelt               6294            2010.05.12        Trojan.Win32.Generic!BT
Symantec              20101.1.0.89    2010.05.12        -
TheHacker             6.5.2.0.279     2010.05.11        Trojan/Downloader.Unruy.bn
TrendMicro            9.120.0.1004    2010.05.12        -
TrendMicro-HouseCall  9.120.0.1004    2010.05.12        -
VBA32                 3.12.12.4       2010.05.12        Trojan.Win32.Buzus
ViRobot               2010.5.12.2312  2010.05.12        Trojan.Win32.Powp.35840
VirusBuster           5.0.27.0        2010.05.11        Trojan.Powp.H

Extra informatie
File size: 35844 bytes
MD5...: 94ab093f54eefa782ce1aba3259f9d84
SHA1..: 131673e0611ef6a380f4b8750666a2fca8836d18
SHA256: 8f2f2c580083e70fa59f29a4036772b534a9f4bfba8d8d92fd3e159c8f2e1c18
ssdeep: 768:P6A/XNwNmytems1+x0rrt1KfEyekW8cic+SBTubwy:P6A/XNSpL0ruEySbic dBO
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3190
timedatestamp.....: 0x4bd9e204 (Thu Apr 29 19:46:12 2010)
machinetype.......: 0x14c (I386)
( 4 sections )
name    viradd  virsiz  rawdsiz  ntrpy  md5
.text   0x1000  0x21d0  0x2200   5.84   01c9f1677196a863ee77257fabd91357
.rdata  0x4000  0x1d2   0x200    4.22   26c0dce874c14da7e290f7d50001a2b3
.data   0x5000  0x62a4  0x6200   7.85   9615d38ae58524fa7d81401b15e763c4
.rsrc   0xc000  0x10    0x200    0.00   bf619eac0cdf3f68d496ea9344137e8b
( 2 imports )
> KERNEL32.dll: HeapAlloc, GetProcessHeap, ExitProcess, GetProcAddress, GetModuleHandleA
> USER32.dll: SetScrollInfo, CloseClipboard, GetDC, EnableMenuItem, ScrollWindow, SetClipboardData, OpenClipboard, EmptyClipboard, GetScrollInfo, UpdateWindow
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
  18. At the moment it refers to processes on my PC that are being blocked, e.g. file: c:\documents and settings\Marc\localsettings\Temp\hki221.exe process: c:\windows\system32\KHALMNPR.exe process description: c:\windows\system32\KHALMNPR.exe. Each time it is the same Generic that is blocked, always from a different file and process.
  19. Thanks kape, it looks like the AT.job problem is solved, but I seem to have stumbled back into my old problem. Since yesterday I have again been getting notifications that McAfee has blocked a Generic.dx!sqi. 4 times already, in 4 different places.
  20. Combo ComboFix 10-05-10.03 - Marc 11/05/2010 13:59:42.14.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.613 [GMT 2:00] Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Marc\Bureaublad\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Tasks\At1.job c:\windows\Tasks\At10.job c:\windows\Tasks\At11.job c:\windows\Tasks\At12.job c:\windows\Tasks\At13.job c:\windows\Tasks\At14.job c:\windows\Tasks\At15.job c:\windows\Tasks\At16.job c:\windows\Tasks\At17.job c:\windows\Tasks\At18.job c:\windows\Tasks\At19.job c:\windows\Tasks\At2.job c:\windows\Tasks\At20.job c:\windows\Tasks\At21.job c:\windows\Tasks\At22.job c:\windows\Tasks\At23.job c:\windows\Tasks\At24.job c:\windows\Tasks\At25.job c:\windows\Tasks\At26.job c:\windows\Tasks\At27.job c:\windows\Tasks\At28.job c:\windows\Tasks\At29.job c:\windows\Tasks\At3.job c:\windows\Tasks\At30.job c:\windows\Tasks\At31.job c:\windows\Tasks\At32.job c:\windows\Tasks\At33.job c:\windows\Tasks\At34.job c:\windows\Tasks\At35.job c:\windows\Tasks\At36.job c:\windows\Tasks\At37.job c:\windows\Tasks\At38.job c:\windows\Tasks\At39.job c:\windows\Tasks\At4.job c:\windows\Tasks\At40.job c:\windows\Tasks\At41.job c:\windows\Tasks\At42.job c:\windows\Tasks\At43.job c:\windows\Tasks\At44.job c:\windows\Tasks\At45.job c:\windows\Tasks\At46.job c:\windows\Tasks\At47.job c:\windows\Tasks\At48.job c:\windows\Tasks\At49.job c:\windows\Tasks\At5.job c:\windows\Tasks\At50.job c:\windows\Tasks\At51.job c:\windows\Tasks\At52.job c:\windows\Tasks\At53.job c:\windows\Tasks\At54.job c:\windows\Tasks\At55.job c:\windows\Tasks\At56.job c:\windows\Tasks\At57.job c:\windows\Tasks\At58.job 
c:\windows\Tasks\At59.job c:\windows\Tasks\At6.job c:\windows\Tasks\At60.job c:\windows\Tasks\At61.job c:\windows\Tasks\At62.job c:\windows\Tasks\At63.job c:\windows\Tasks\At64.job c:\windows\Tasks\At65.job c:\windows\Tasks\At66.job c:\windows\Tasks\At67.job c:\windows\Tasks\At68.job c:\windows\Tasks\At69.job c:\windows\Tasks\At7.job c:\windows\Tasks\At70.job c:\windows\Tasks\At71.job c:\windows\Tasks\At72.job c:\windows\Tasks\At8.job c:\windows\Tasks\At9.job . (((((((((((((((((((( Bestanden Gemaakt van 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))) . 2010-05-01 09:01 . 2010-05-01 09:01 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2010-05-01 08:37 . 2010-05-01 08:37 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2010-05-01 08:37 . 2010-05-01 08:37 -------- d-----r- c:\documents and settings\NetworkService\Favorieten 2010-04-30 09:48 . 2010-04-30 09:48 388096 ----a-r- c:\documents and settings\Marc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-04-30 09:48 . 2010-04-30 09:48 -------- d-----w- c:\program files\Trend Micro 2010-04-30 09:44 . 2010-04-30 09:45 182656 ----a-w- c:\windows\system32\dllcache\ndis.sys 2010-04-27 14:19 . 2010-04-27 14:19 -------- d-----w- c:\documents and settings\Marc\Application Data\Malwarebytes 2010-04-27 14:18 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-27 14:18 . 2010-04-27 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-27 14:18 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-27 14:18 . 2010-04-30 10:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-26 16:17 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-04-26 16:17 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys 2010-04-26 16:16 . 
2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-04-26 16:16 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys 2010-04-26 16:16 . 2010-05-01 08:31 35844 ----a-w- c:\windows\system32\KHALMNPR.EXE 2010-04-26 16:15 . 2010-04-26 16:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-04-14 09:32 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-11 11:59 . 2008-10-22 17:04 -------- d-----w- c:\program files\USD 2010-05-11 09:51 . 2008-04-21 13:32 -------- d-----w- c:\documents and settings\Marc\Application Data\OpenOffice.org2 2010-05-11 09:51 . 2008-04-21 13:35 1 ----a-w- c:\documents and settings\Marc\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2010-05-11 09:43 . 2009-11-24 10:29 -------- d-----w- c:\program files\Everest Poker 2010-05-11 07:30 . 2010-05-01 08:34 112 ----a-w- c:\documents and settings\All Users\Application Data\6pq0BV.dat 2010-05-05 18:15 . 2010-05-05 18:14 -------- d-----w- c:\program files\QuickTime 2010-05-03 14:17 . 2010-01-08 09:45 -------- d-----w- c:\program files\iTunes 2010-05-01 10:52 . 2005-12-15 01:52 -------- d-----w- c:\program files\Common Files\Sonic Shared 2010-05-01 09:57 . 2005-12-15 01:52 -------- d-----w- c:\program files\Sonic 2010-05-01 08:31 . 2010-05-03 11:27 35844 ----a-w- c:\windows\Fonts\401tswHo.com 2010-04-30 09:45 . 2004-09-14 08:38 182656 ----a-w- c:\windows\system32\drivers\ndis.sys 2010-04-28 18:13 . 2007-03-21 14:42 -------- d-----w- c:\program files\McAfee 2010-04-11 15:47 . 2009-11-28 17:35 -------- d-----w- c:\program files\PokerStars 2010-04-09 14:44 . 2010-04-08 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-04-08 12:15 . 
2010-04-08 12:15 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe 2010-03-28 11:40 . 2004-09-14 08:38 70312 ----a-w- c:\windows\system32\perfc013.dat 2010-03-28 11:40 . 2004-09-14 08:38 443522 ----a-w- c:\windows\system32\perfh013.dat 2010-03-10 06:17 . 2004-09-14 08:38 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:20 . 2004-09-14 08:38 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2005-12-15 01:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-19 16:49 . 2009-03-30 16:31 288096 ----a-r- c:\documents and settings\Marc\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll 2010-02-16 19:09 . 2004-09-14 08:38 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:09 . 2004-08-04 00:58 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:35 . 2004-09-14 08:38 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-09-14 08:38 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2006-11-08 15:01 . 2006-11-08 15:01 774144 ----a-w- c:\program files\RngInterstitial.dll . ((((((((((((((((((((((((((((( SnapShot@2010-05-08_16.48.40 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-10 06:59 . 2010-05-11 12:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2005-12-20 16:23 . 2010-05-11 12:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat - 2005-12-20 16:23 . 2010-05-08 15:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat + 2010-05-10 06:59 . 2010-05-11 12:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2010-05-01 35844] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-25 809488] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-11-07 15:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital 
Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\LEXPPS.EXE"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/12/2008 13:14 10384] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [13/12/2008 14:04 210216] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 17:26 135664] S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29/08/2006 0:54 10664] . 
Inhoud van de 'Gedeelde Taken' map 2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:26] 2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:26] 2009-08-14 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-03-21 10:22] 2009-11-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-03-21 10:22] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nieuwsblad.be/index.html uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe Trusted Zone: dexia.be\directnet Trusted Zone: internet Trusted Zone: mcafee.com . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-05-11 14:06 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(632) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . Voltooingstijd: 2010-05-11 14:08:39 ComboFix-quarantined-files.txt 2010-05-11 12:08 ComboFix2.txt 2010-05-08 16:50 Pre-Run: 14.494.154.752 bytes beschikbaar Post-Run: 14.540.963.840 bytes beschikbaar - - End Of File - - BECAD62D779B32D2EC8AEF879EB28F4F Hijack: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:14:13, on 11/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe 
C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Het Nieuwsblad R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=4945 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - 
c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://scarlet.extrafilm.be/ImageUploader4.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O18 - Protocol: sacore - 
{5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. 
- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- End of file - 10227 bytes
  21. The last 2 malware scans found nothing, so I have not attached a report for those. Combo report: ComboFix 10-05-06.05 - Marc 07/05/2010 15:46:48.11.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.502 [GMT 2:00] Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Marc\Bureaublad\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\20654nm2.exe c:\windows\Tasks\At1.job c:\windows\Tasks\At10.job c:\windows\Tasks\At11.job c:\windows\Tasks\At12.job c:\windows\Tasks\At13.job c:\windows\Tasks\At14.job c:\windows\Tasks\At15.job c:\windows\Tasks\At16.job c:\windows\Tasks\At17.job c:\windows\Tasks\At18.job c:\windows\Tasks\At19.job c:\windows\Tasks\At2.job c:\windows\Tasks\At20.job c:\windows\Tasks\At21.job c:\windows\Tasks\At22.job c:\windows\Tasks\At23.job c:\windows\Tasks\At24.job c:\windows\Tasks\At3.job c:\windows\Tasks\At4.job c:\windows\Tasks\At5.job c:\windows\Tasks\At6.job c:\windows\Tasks\At7.job c:\windows\Tasks\At8.job c:\windows\Tasks\At9.job . (((((((((((((((((((( Bestanden Gemaakt van 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))) . 2010-05-01 09:01 . 2010-05-01 09:01 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2010-05-01 08:37 . 2010-05-01 08:37 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2010-05-01 08:37 . 2010-05-01 08:37 -------- d-----r- c:\documents and settings\NetworkService\Favorieten 2010-04-30 10:55 . 2010-04-30 10:55 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-04-30 09:48 . 
2010-04-30 09:48 388096 ----a-r- c:\documents and settings\Marc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-04-30 09:48 . 2010-04-30 09:48 -------- d-----w- c:\program files\Trend Micro 2010-04-30 09:44 . 2010-04-30 09:45 182656 ----a-w- c:\windows\system32\dllcache\ndis.sys 2010-04-27 14:19 . 2010-04-27 14:19 -------- d-----w- c:\documents and settings\Marc\Application Data\Malwarebytes 2010-04-27 14:18 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-27 14:18 . 2010-04-27 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-27 14:18 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-27 14:18 . 2010-04-30 10:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-26 16:17 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-04-26 16:17 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys 2010-04-26 16:16 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-04-26 16:16 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys 2010-04-26 16:16 . 2010-05-01 08:31 35844 ----a-w- c:\windows\system32\KHALMNPR.EXE 2010-04-26 16:15 . 2010-04-26 16:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-04-14 09:32 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-04-08 12:15 . 2010-04-08 12:15 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe 2010-04-08 12:14 . 2010-04-09 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-07 13:28 . 2010-05-01 08:34 112 ----a-w- c:\documents and settings\All Users\Application Data\6pq0BV.dat 2010-05-06 09:36 . 
2008-10-22 17:04 -------- d-----w- c:\program files\USD 2010-05-05 18:15 . 2010-05-05 18:14 -------- d-----w- c:\program files\QuickTime 2010-05-04 14:21 . 2008-04-21 13:32 -------- d-----w- c:\documents and settings\Marc\Application Data\OpenOffice.org2 2010-05-04 14:20 . 2008-04-21 13:35 1 ----a-w- c:\documents and settings\Marc\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2010-05-03 14:17 . 2010-01-08 09:45 -------- d-----w- c:\program files\iTunes 2010-05-01 10:52 . 2005-12-15 01:52 -------- d-----w- c:\program files\Common Files\Sonic Shared 2010-05-01 09:57 . 2005-12-15 01:52 -------- d-----w- c:\program files\Sonic 2010-05-01 08:31 . 2010-05-03 11:27 35844 ----a-w- c:\windows\Fonts\401tswHo.com 2010-04-30 09:45 . 2004-09-14 08:38 182656 ----a-w- c:\windows\system32\drivers\ndis.sys 2010-04-28 18:13 . 2007-03-21 14:42 -------- d-----w- c:\program files\McAfee 2010-04-26 15:35 . 2009-11-24 10:29 -------- d-----w- c:\program files\Everest Poker 2010-04-11 15:47 . 2009-11-28 17:35 -------- d-----w- c:\program files\PokerStars 2010-03-28 11:40 . 2004-09-14 08:38 70312 ----a-w- c:\windows\system32\perfc013.dat 2010-03-28 11:40 . 2004-09-14 08:38 443522 ----a-w- c:\windows\system32\perfh013.dat 2010-03-10 06:17 . 2004-09-14 08:38 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:20 . 2004-09-14 08:38 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2005-12-15 01:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-19 16:49 . 2009-03-30 16:31 288096 ----a-r- c:\documents and settings\Marc\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll 2010-02-16 19:09 . 2004-09-14 08:38 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:09 . 2004-08-04 00:58 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:35 . 2004-09-14 08:38 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 
2004-09-14 08:38 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2006-11-08 15:01 . 2006-11-08 15:01 774144 ----a-w- c:\program files\RngInterstitial.dll . ((((((((((((((((((((((((((((( SnapShot@2010-05-06_07.44.23 ))))))))))))))))))))))))))))))))))))))))) . + 2005-12-20 16:23 . 2010-05-07 13:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat - 2005-12-20 16:23 . 2010-05-06 07:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat + 2010-05-07 08:33 . 2010-05-07 13:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2010-05-06 07:24 . 2010-05-06 07:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2010-05-01 35844] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-25 809488] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-11-07 15:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\LEXPPS.EXE"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 
LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/12/2008 13:14 10384] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [13/12/2008 14:04 210216] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 17:26 135664] S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29/08/2006 0:54 10664] . Inhoud van de 'Gedeelde Taken' map 2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:26] 2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:26] 2009-08-14 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-03-21 10:22] 2009-11-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-03-21 10:22] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nieuwsblad.be/index.html uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe Trusted Zone: dexia.be\directnet Trusted Zone: internet Trusted Zone: mcafee.com . ************************************************************************** scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(632) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . Voltooingstijd: 2010-05-07 15:53:52 ComboFix-quarantined-files.txt 2010-05-07 13:53 ComboFix2.txt 2010-05-07 04:31 ComboFix3.txt 2010-05-06 07:46 ComboFix4.txt 2010-05-05 15:42 Pre-Run: 16.113.008.640 bytes beschikbaar Post-Run: 16.087.810.048 bytes beschikbaar - - End Of File - - A9960964387829633BAD470330EE0A5B
  22. No, I mean these: C:\windows\tasks\AT1.job C:\windows\tasks\AT10.job etc. These were all created by NetScheduleJobAdd. And this, in my opinion, is the main culprit disrupting my internet: c:\documents and settings\All Users\Application Data\20654nm2.exe
  23. Hello Jean-Pierre, Here is the logfile: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:57:25, on 10/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\USD\USDownloader.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be/index.html R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=4945 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google 
Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://scarlet.extrafilm.be/ImageUploader4.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. 
- C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- End of file - 10371 bytes