
Everything posted by robin
-
Everything seems to be working fine now. Thank you. Could you also tell me how I can avoid this in the future, or at least reduce the chance of it? Which antispyware and antivirus programs, preferably free, could you recommend? I am currently using Spyware Terminator and Avast. Kind regards, Robin
-
Here, for now, are the contents of the 2 log files. With warm regards, Robin
Inhoud van de 'Gedeelde Taken' map 2010-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34] 2010-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2583418722-3294852817-929582458-1006Core1cac81c4971c434.job - c:\documents and settings\robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:02] 2010-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2583418722-3294852817-929582458-1006UA.job - c:\documents and settings\robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:02] 2006-03-24 c:\windows\Tasks\Herinnering voor registratie 1.job - c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 17:03] 2006-03-30 c:\windows\Tasks\Herinnering voor registratie 2.job - c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 17:03] 2006-04-06 c:\windows\Tasks\Herinnering voor registratie 3.job - c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 17:03] 2010-07-24 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2010-07-25 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2010-07-24 c:\windows\Tasks\User_Feed_Synchronization-{36ADF112-8487-4368-AA13-0B5922685A03}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 10:58] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html FF - ProfilePath - c:\documents and settings\robin\Application Data\Mozilla\Firefox\Profiles\yb49l6c5.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://symbaloo.com FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw= FF - component: c:\documents and settings\robin\Application Data\Mozilla\Firefox\Profiles\yb49l6c5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll FF - component: c:\documents and settings\robin\Application Data\Mozilla\Firefox\Profiles\yb49l6c5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\robin\Application Data\Mozilla\Firefox\Profiles\yb49l6c5.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF 
- plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS VERWIJDERD - - - - MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe MSConfigStartUp-TrayServer - c:\program files\MAGIX\Film_op_CD_DVD_6\TrayServer.exe AddRemove-CDA Converter Plus - c:\program files\CDA Converter Plus\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-07-25 19:58 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "AB141C35E9F4BF344B9FC010BB17F68A"="" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(7128) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\windows\system32\msls31.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\SOUNDMAN.EXE c:\windows\system32\rundll32.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe c:\apps\Powercinema\Kernel\TV\CLSched.exe c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe c:\apps\HIDSERVICE\HIDSERVICE.exe c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Spyware Terminator\sp_rsser.exe c:\program files\Canon\CAL\CALMAIN.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\program files\Java\jre6\bin\jucheck.exe . ************************************************************************** . 
Voltooingstijd: 2010-07-25 20:07:35 - machine werd herstart
ComboFix-quarantined-files.txt 2010-07-25 18:07

Pre-Run: 34.234.269.696 bytes beschikbaar
Post-Run: 34.346.950.656 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 422747F4229191BA55F128918C7F1D4C

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:19:04, on 25/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\sistray.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\robin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\robin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\robin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\robin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\robin\Mijn documenten\Downloads\HijackThis (4).exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - 
HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: 
Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! 
Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 9815 bytes
-
Hello,

I followed your instructions; everything seems to be in order now, for which many thanks. Anti Malware Doctor is still listed under My Programs, though. Is it enough to simply delete it? Below are the log files you requested.

Thanks again for the quick and professional help!

Robin

Malwarebytes' Anti-Malware 1.46
Malwarebytes
Databaseversie: 4345
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

25/07/2010 9:47:13
mbam-log-2010-07-25 (09-47-13).txt

Scantype: Snelle scan
Objecten gescand: 155950
Verstreken tijd: 14 minuut/minuten, 56 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 13
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 6
Mappen geïnfecteerd: 2
Bestanden geïnfecteerd: 10

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\xbtb05988.ietoolbar (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb05988.ietoolbar.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.85.0 (Adware.Zango) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Start\Programma's\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\robin\Local Settings\Temporary Internet Files\Content.IE5\IFFKCSBS\setupupdate70700[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Start\Programma's\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Start\Programma's\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Start\Programma's\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\robin\Bureaublad\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\robin\Menu Start\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\robin\delself.bat (Malware.Trace) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:41:37, on 25/07/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17055) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Apps\Powercinema\PCMService.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Spyware 
Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\robin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\robin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\robin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\robin\Mijn documenten\Downloads\HijackThis (4).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/robin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 10381 bytes
-
Hello, anti malware doctor has also sneaked onto my PC. Attached is my Hijack log file. Thanks in advance, Robin [ATTACH]5649[/ATTACH] hijackthis.log
