
lopkjel90
Everything posted by lopkjel90
Can no longer open Local Disk C:. Virus active
lopkjel90 replied to lopkjel90's topic in Archief Bestrijding malware & virussen
Okay, thanks for your help! I have now carried out everything. I will drop by again soon with another topic about my other PC, haha! Thanks for your good help! Martijn
Can no longer open Local Disk C:. Virus active
lopkjel90 replied to lopkjel90's topic in Archief Bestrijding malware & virussen
Here is the ComboFix log:
Can no longer open Local Disk C:. Virus active
lopkjel90 replied to lopkjel90's topic in Archief Bestrijding malware & virussen
Hey Kape, thanks for your reply. I just read about the same kind of problem elsewhere on this site, along with its solution, also by means of ComboFix. I ran that and at the moment it works again. I have just run another HijackThis scan. I will post it here. But can you see whether there is still anything in it that does not belong? Thanks in advance.
Hello,

I have a question. Recently I have suddenly been having trouble with a virus/spyware or something similar. I ran my AVG antivirus, and I also ran the program Malwarebytes Anti-Malware. I cannot get rid of the virus no matter what I try. So I hope that someone can help me.

The problem specifically: Malwarebytes continuously blocks the same IP addresses, which is probably the virus? 91.207.5.254 and 89.149.241.206

In addition, I cannot get into my local disk (C:). I am then asked which program I want to open the file with.

I made a HijackThis log, which I will post below in the next message. I have also included the log file of my latest Malwarebytes scan. I will post that there too.

Hopefully you can help me.

Thanks in advance,
Martijn

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:29:44, on 4-7-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Parental Control\bin\pcontrol.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\PersistenceThread.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Parental Control] "C:\Program Files\Parental Control\bin\pcontrol.exe" --start
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [EasyMode] "%ProgramFiles%\\ASUS\\Easy Mode\\Easy Mode.exe" --limitedUserImportRegister
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKCU\..\Run: [sRS Premium Sound] "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-21-1237872269-3069003418-4003544512-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: igdlogin - igdlogin.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: privoxy - The Privoxy team - Privoxy - Home Page - C:\Program Files\Privoxy\privoxy.exe
O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
--
End of file - 11343 bytes

---------- Post added at 14:40 ---------- Previous post was at 14:39 ----------

This is the log file from Malwarebytes.

Malwarebytes' Anti-Malware 1.46
Malwarebytes Databaseversie: 4266
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2-7-2010 13:24:05
mbam-log-2010-07-02 (13-24-05).txt

Scantype: Volledige scan (C:\|)
Objecten gescand: 191977
Verstreken tijd: 1 uur/uren, 39 minuut/minuten, 33 seconde(n)

Geheugenprocessen geïnfecteerd: 3
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 7
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 25

Geheugenprocessen geïnfecteerd:
C:\WINDOWS\Temp\wpv161277975926.exe (Trojan.Dropper) -> Failed to unload process.
C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\2633.exe (Packed.Krap) -> Failed to unload process.
C:\WINDOWS\Temp\wpv691277976203.exe (Trojan.Dropper) -> Failed to unload process.

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft® system manager (Packed.Krap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dso32 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
C:\WINDOWS\Temp\wpv161277975926.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\explorer.exe:userini.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\2633.exe (Packed.Krap) -> Delete on reboot.
C:\WINDOWS\Temp\wpv691277976203.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\219d1d.exe (Packed.Krap) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\6565867.exe (Packed.Krap) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\684329.exe (Packed.Krap) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\690.exe (Packed.Krap) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\~TM11.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\~TM1A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\~TM4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\~TM8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\~TM9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martijn Fransen\Local Settings\Temporary Internet Files\Content.IE5\ESTRTIJ2\update[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martijn Fransen\Local Settings\Temporary Internet Files\Content.IE5\ESTRTIJ2\default[1].exe (Packed.Krap) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{47B113EA-49A6-41C5-998C-6CE5321200C1}\RP135\A0042069.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{47B113EA-49A6-41C5-998C-6CE5321200C1}\RP135\A0042079.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{47B113EA-49A6-41C5-998C-6CE5321200C1}\RP135\A0042080.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv001277975441.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv311277560280.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv481277975692.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvcrt2.dll (Malware.Traces) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martijn Fransen\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
