nathalie73

Hallo Ik heb mijn laptop terug binnengebracht waar ik hem 1 maand geleden had gekocht en de (incompetente)verkoper heeft me 1 week later mijn laptop teruggegeven met de melding dat er niks aan was en hij heeft alles terug op fabrieksniveau geplaatst.Mijn windows 2010 eraf gehaald...Gelukkig kon ik die terug installeren want ik had die via het werk gekocht met een code waardoor je die eigenlijk alleen maar 1 keer kunt installeren.. Maar er was duidelijk wel wat mis met mijn laptop maar voor die verkoper was de makkelijkste weg om gewoon alles terug op 0 te zetten.. Heel erg bedankt voor jullie inspanning in ieder geval!!

Hello ik heb vanmiddag mijn laptop binnengedragen waar ik hem gekocht heb om te laten nakijken.Zit midden in mijn examens is een beetje minder... Maar ik laat nog weten wat het verdict is!! Heeeeeeeeeeeel erg bedankt voor de moeite mvg Nathalie

Ik geraak tot aan systeemherstel maar dan krijg ik dit,zie bijlage, dus terug geen tekst in de pop-up zodat ik niks kan zien en niet weet op welke tab te drukken. Ik heb al een volledige recovery gedaan maar er is niks veranderd aan de toestand.bv heb ik ook spotify op mijn laptop staan en ook daar is alle tekst weg, alleen nog icoontjes. Nathalie

De batterij was op en de laptop was uitgevallen en toen ik terug de stekker in het stopcontact stopte deed mijn laptop alsof dat ik hem helemaal moest opnieuw instellen.Toen heb ik op de recoveryknop geduwt en basisherstel gevraagd.Maar nu kan ik nergens meer tekst zien in de tabjes.Ik heb nu firefox ingesteld om te internetten.

Ik heb hijackthis wel kunnen downloaden maar het probleem is dat er geen tekst staat in de ballonnetjes dus dat ik geen idee heb op welk ik moet drukken ..ik heb een vb in bijlage gestoken hoe het eruit ziet. Nathalie

Ja dit venster maar met alle vensters is hetzelfde probleem.Er staat geen tekst in de tabjes.Ook als ik probeer om hijackthis te downloaden staat er geen tekst dus weet ik niet op welk ballonnetje te drukken waar ja of nee staat. Ik heb malware uitgevoerd en geen virussen gevonden. mvg Nathalie

Ik heb een samsung laptop en daar is een knop voor recovery.Ik heb gevraagd voor een herstel zonder mijn documenten te veranderen. Maar nu als ik bv naar configuratiescherm ga en op internetopties klik dan krijg ik de pop-up maar ook zonder tekst erin net zoals taakbeheer daar staat ook geen tekst in.En als ik google komt er dus dat mijn internetexplorer niet werkt.Ik heb ook geprobeerd om internetexplorer 9 te downloaden maar dat lukt niet dan komt er terug dat internetexplorer niet werkt. Ik kan wel in mijn browser een internetadres ingeven en dat lukt dan wel maar via google niks. mvg Nathalie

Hallo bedankt voor de tip maar het lukt niet.Als ik op de link druk begint die wil te lopen maar blokkeert dan later. Als ik het doe via extra-internet opties dan komt de pop-up wel maar de tabs zijn leeg er staat geen tekst in... Als ik mijn taakbeheer open hetzelfde er staat geen tekst in de tabs. mvg Nathalie

Als ik in Google iets ingeef komt dit tevoorschijn: "internet explorer werkt niet meer er is een probleem opgetreden waardoor het programma niet meer werkt.Het programma wordt gesloten en er wordt een melding weergegeven als een oplossing beschikbaar is." en ik kan niks meer opzoeken. Het is gekomen nadat ik problemen gehad heb met mijn laptop en recovery heb moeten doen. Kunnen jullie mij helpen?? Heel erg bedankt Nathalie

Hallo alles picobello!! Heeeeeeel erg bedankt !! Nathalie

Hallo ik heb de indruk dat alles opgelost is.....schitterend!!! Een hele dikke merci!!!!! Nathalie

Hier het logje van MBAM. Ik moet wel zeggen dat als ik MBAM heb laten scannen er geen "bekijk resultaten "was. Er werd ook niet gevraagd de pc opnieuw op te starten. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 6268 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 4/04/2011 20:38:50 mbam-log-2011-04-04 (20-38-50).txt Scantype: Snelle scan Objecten gescand: 167309 Verstreken tijd: 13 minuut/minuten, 27 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) hier het logje van hijackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:51:03, on 4/04/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17095) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\UMStor\Res.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\nathalie\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [instantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe -update activex O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124454307790 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219569770625 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D5D487A1-C632-4C61-915C-AE196959EEB2} (Competas 2005 StartButton) - http://dbserver.edm.uhasselt.be/competas/info/Competas2005StartV2_0_4_5.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 12718 bytes

Hello ik heb de analyse in een worddocument gezet en in attachment hierbij gevoegd. merci Logfile of Trend Micro HijackThis v2.docx

Hallo ik probeer Hijackthis te installeren maar dit programma wil het niet laten installeren.... Ook valt mijn pc na een tijdje uit en komt er een bericht en dan start hij automatisch terug op. Is er een andere manier om HijackThis uit te voeren? Bedankt

Hallo Toen ik aan het internetten was kwam plots een pop-up met de melding dat ik virussen had op mijn harde schijf. Het programma noemt MS-removal. Het begint je pc te scannen en zegt dan dat je dit en dat virussen hebt maar het kan weg als je een abonnement neemt bij MS removal. Ik annuleer het maar het programma blijft constant terugkomen en ik heb geen toegang tot bepaalde programma's op mijn pc meer. Ik vind het ook niet terug bij software..hoe kan ik dit van mijn PC gooien??? Hartelijk dank

Heel erg bedankt!!Het is al lang lang geleden dat mijn laptop het zo goed heeft gedaan...merciiiiiiiiiiii

Hello het gaat allemaal al een heel stuk vlugger!!Ik denk dat alles in orde is op het moment. Heeeeeeeeel erg bedankt voor de snelle hulp! merciiiiiiiiiiii

Hello dit is de logboek van combofix ComboFix 10-08-07.02 - nathalie 08/08/2010 15:37:45.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1022.508 [GMT 2:00] Gestart vanuit: c:\documents and settings\nathalie\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\nathalie\Bureaublad\CFScript.txt..txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} * Nieuw herstelpunt werd aangemaakt FILE :: "c:\windows\system32\6F4823E4A3.sys" . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\6F4823E4A3.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_mailKmd (((((((((((((((((((( Bestanden Gemaakt van 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))) . 2010-08-06 21:00 . 2010-08-06 21:00 -------- d-----w- c:\documents and settings\nathalie\Application Data\Malwarebytes 2010-08-06 21:00 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-06 21:00 . 2010-08-06 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-08-06 21:00 . 2010-08-06 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-06 21:00 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-06 20:25 . 2010-08-06 20:38 -------- d-----w- c:\program files\CodeStuff 2010-08-06 19:12 . 2010-08-06 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\242CE 2010-08-06 18:24 . 2010-08-06 18:24 388096 ----a-r- c:\documents and settings\nathalie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-08-06 18:24 . 2010-08-06 18:24 -------- d-----w- c:\program files\Trend Micro 2010-08-06 17:36 . 2010-08-06 17:36 61440 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2222d537-n\decora-sse.dll 2010-08-06 17:36 . 2010-08-06 17:36 503808 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30c9c27b-n\msvcp71.dll 2010-08-06 17:36 . 2010-08-06 17:36 499712 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30c9c27b-n\jmc.dll 2010-08-06 17:36 . 2010-08-06 17:36 348160 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30c9c27b-n\msvcr71.dll 2010-08-06 17:36 . 2010-08-06 17:36 12800 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2222d537-n\decora-d3d.dll 2010-08-01 12:02 . 2010-08-01 12:03 -------- d-----w- c:\program files\Graboid 2010-07-26 07:28 . 2010-07-26 07:28 -------- d-----w- c:\windows\system32\wbem\Repository 2010-07-14 09:29 . 2010-08-06 21:41 -------- d-----w- c:\documents and settings\nathalie\Application Data\uTorrent 2010-07-14 08:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2010-07-11 18:03 . 2010-07-11 18:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-07-11 18:01 . 2010-07-11 18:01 -------- d-----w- c:\program files\Common Files\Skype 2010-07-11 18:01 . 2010-07-11 18:01 -------- d-----r- c:\program files\Skype . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-07 18:47 . 2008-04-04 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-08-06 21:43 . 2009-03-26 20:06 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-08-06 21:40 . 2008-04-10 12:36 -------- d-----w- c:\documents and settings\nathalie\Application Data\Skype 2010-08-06 21:12 . 2009-03-26 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-08-06 20:10 . 2008-05-03 11:44 -------- d-----w- c:\documents and settings\nathalie\Application Data\LimeWire 2010-08-06 19:13 . 2008-04-04 20:21 -------- d-----w- c:\documents and settings\nathalie\Application Data\BearShare 2010-08-06 16:26 . 2008-04-10 12:39 -------- d-----w- c:\documents and settings\nathalie\Application Data\skypePM 2010-07-29 07:35 . 2005-09-13 19:03 -------- d-----w- c:\program files\Common Files\Java 2010-07-29 07:34 . 2005-09-13 19:03 -------- d-----w- c:\program files\Java 2010-07-26 07:28 . 2009-09-25 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-07-26 07:07 . 2008-04-03 14:47 112672 ----a-w- c:\documents and settings\nathalie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-17 03:00 . 2010-05-01 07:27 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-14 09:29 . 2010-04-29 08:38 -------- d-----w- c:\program files\uTorrent 2010-07-11 18:01 . 2008-04-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-07-06 14:56 . 2009-09-11 16:23 -------- d-----w- c:\documents and settings\nathalie\Application Data\HpUpdate 2010-06-28 20:09 . 2008-04-09 11:48 -------- d-----w- c:\program files\HP 2010-06-27 09:25 . 2008-04-25 11:22 -------- d-----w- c:\documents and settings\nathalie\Application Data\HP 2010-06-27 09:23 . 2010-06-27 08:56 119666 ----a-w- c:\windows\hpoins11.dat 2010-06-27 09:10 . 2010-06-27 09:10 -------- d-----w- c:\program files\Common Files\Sonic Shared 2010-06-24 19:12 . 2005-08-19 10:31 534996 ----a-w- c:\windows\system32\perfh013.dat 2010-06-24 19:12 . 2005-08-19 10:31 100020 ----a-w- c:\windows\system32\perfc013.dat 2010-06-14 14:31 . 2005-08-19 01:43 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-05-26 16:00 . 2010-05-26 16:00 503808 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-57a2017c-n\msvcp71.dll 2010-05-26 16:00 . 2010-05-26 16:00 499712 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-57a2017c-n\jmc.dll 2010-05-26 16:00 . 2010-05-26 16:00 348160 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-57a2017c-n\msvcr71.dll 2010-05-26 16:00 . 2010-05-26 16:00 61440 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46b6790b-n\decora-sse.dll 2010-05-26 16:00 . 2010-05-26 16:00 12800 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46b6790b-n\decora-d3d.dll 2010-05-13 10:31 . 2010-07-26 07:23 225336 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1043.dat 2005-09-14 09:18 . 2005-09-14 09:18 5224 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2010-07-16 10608432] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-30 57344] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248] "RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864] "AGRSMMSG"="AGRSMMSG.exe" [2005-08-24 88203] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-08-17 61440] "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480] "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-09-02 81920] "PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-09-15 139264] "InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-03-25 93640] "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192] c:\documents and settings\nathalie\Menu Start\Programma's\Opstarten\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%ProgramFiles%\\Messenger\\msmsgs.exe"= "%WinDir%\\system32\\fxsclnt.exe"= "%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"= "%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"= "%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"= "%ProgramFiles%\\WIDCOMM\\Bluetooth Software\\BTTray.exe"= "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14/11/2009 21:03 108289] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 16:20 135664] S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [13/09/2005 18:20 799744] S3 STV674;Xtra Digital Camera;c:\windows\system32\drivers\STV674.sys --> c:\windows\system32\drivers\STV674.sys [?] S3 STV674m;Xtra Digital Cameram;c:\windows\system32\drivers\STV674m.sys --> c:\windows\system32\drivers\STV674m.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2010-05-04 17:21 124928 ----a-w- c:\windows\system32\advpack.dll . Inhoud van de 'Gedeelde Taken' map 2010-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-08-08 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-03 16:08] 2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:20] 2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:20] 2010-08-06 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2010-08-08 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2010-08-08 c:\windows\Tasks\User_Feed_Synchronization-{2FF403DD-E51B-4DC9-AE35-405659F371CE}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 16:36] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.aldi.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm DPF: {D5D487A1-C632-4C61-915C-AE196959EEB2} - hxxp://dbserver.edm.uhasselt.be/competas/info/Competas2005StartV2_0_4_5.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-08 15:52 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1159B246-0933-86DB-AD593C3CB7051897}\{4B332D01-174C-E53B-FFAF1A8AAD861E31}\{3A54BA3C-24AD-210D-6C7EF9C90D2B01E7}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,14,7e,56, ce,c1,92,0d,e5,6e,36,bc,2c,72,f3,97,11,18,1e,db,84,9f,5f,8a,26,cf,6e,bb,96,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{48FFDBC0-65F5-8101-E6A5E6DD5D6987D3}\{27CA9EF6-7C20-BA5C-F1E964FD391A5DCD}\{EF53C495-2C8A-F63D-BE87F6505A64DD38}*] "J6LUTEVR24DWS6LBRK5JBJYX6E1"=hex:01,00,01,00,00,00,00,00,64,ee,da,6f,cf,9a,c5, 9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71AAA611-245D-D09F-882845FC5EAA24CC}\{DFD26894-68B9-4777-FDD1761F9E74CD53}\{F10C9B44-6C01-0B82-830AFBCCD029C402}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,14,7e,56, ce,c1,92,0d,e5,6e,36,bc,2c,72,f3,97,11,18,1e,db,84,9f,5f,8a,26,cf,6e,bb,96,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AB53ABC9-60C7-8B2C-A2AB126EB1F03A59}\{6511FF0A-0202-CA71-9BBA47A5377501DE}\{CE12CB05-B8C7-0E6B-6DC342F04A20B600}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,14,7e,56, ce,c1,92,0d,e5,6e,36,bc,2c,72,f3,97,11,18,1e,db,84,9f,5f,8a,26,cf,6e,bb,96,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6C53DCC-FBE6-A484-895E707488E1192C}\{427B1CEB-CDC7-050B-E6202C9404952D54}\{86A51E58-9B8E-E4EB-26F8074E7F2FD295}*] "J6LUTEVR24DWS6LBRK5JBJYX6E1"=hex:01,00,01,00,00,00,00,00,64,ee,da,6f,cf,9a,c5, 9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC36979A-271C-CB21-250CD586E00814A2}\{8EF4E408-9A98-28EF-CDFA1ACBF6ED5141}\{501B0FF8-8336-4915-6C99805756A8837E}*] "J6LUTEVR24DWS6LBRK5JBJYX6E1"=hex:01,00,01,00,00,00,00,00,64,ee,da,6f,cf,9a,c5, 9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(924) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2784) c:\progra~1\WINDOW~2\wmpband.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe c:\program files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe c:\windows\RTHDCPL.EXE c:\windows\AGRSMMSG.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Voltooingstijd: 2010-08-08 15:59:46 - machine werd herstart ComboFix-quarantined-files.txt 2010-08-08 13:59 ComboFix2.txt 2010-08-07 06:52 Pre-Run: 4.496.474.112 bytes beschikbaar Post-Run: 4.484.808.704 bytes beschikbaar - - End Of File - - 8597F3236BBFCA162960BEF41F3225B2 en dit is de logboek van hijack Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:14:27, on 8/08/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17055) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\WINDOWS\UMStor\Res.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Welcome to ALDI R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [instantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124454307790 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219569770625 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D5D487A1-C632-4C61-915C-AE196959EEB2} (Competas 2005 StartButton) - http://dbserver.edm.uhasselt.be/competas/info/Competas2005StartV2_0_4_5.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 11510 bytes Merci!!!

Hallo ik heb alles gedaan zoals gezegd en dit is het logboek van combofix ComboFix 10-08-06.01 - nathalie 07/08/2010 8:27.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1022.540 [GMT 2:00] Gestart vanuit: c:\documents and settings\nathalie\Bureaublad\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\nathalie\Application Data\EurekaLog c:\documents and settings\nathalie\System c:\documents and settings\nathalie\System\win_qs8.jqx c:\windows\system32\Thumbs.db . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF (((((((((((((((((((( Bestanden Gemaakt van 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))) . 2010-08-06 21:00 . 2010-08-06 21:00 -------- d-----w- c:\documents and settings\nathalie\Application Data\Malwarebytes 2010-08-06 21:00 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-06 21:00 . 2010-08-06 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-08-06 21:00 . 2010-08-06 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-06 21:00 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-06 20:25 . 2010-08-06 20:38 -------- d-----w- c:\program files\CodeStuff 2010-08-06 19:12 . 2010-08-06 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\242CE 2010-08-06 18:24 . 2010-08-06 18:24 388096 ----a-r- c:\documents and settings\nathalie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-08-06 18:24 . 2010-08-06 18:24 -------- d-----w- c:\program files\Trend Micro 2010-08-06 17:36 . 2010-08-06 17:36 61440 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2222d537-n\decora-sse.dll 2010-08-06 17:36 . 2010-08-06 17:36 503808 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30c9c27b-n\msvcp71.dll 2010-08-06 17:36 . 2010-08-06 17:36 499712 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30c9c27b-n\jmc.dll 2010-08-06 17:36 . 2010-08-06 17:36 348160 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-30c9c27b-n\msvcr71.dll 2010-08-06 17:36 . 2010-08-06 17:36 12800 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2222d537-n\decora-d3d.dll 2010-08-01 12:02 . 2010-08-01 12:03 -------- d-----w- c:\program files\Graboid 2010-07-26 07:28 . 2010-07-26 07:28 -------- d-----w- c:\windows\system32\wbem\Repository 2010-07-14 09:29 . 2010-08-06 21:41 -------- d-----w- c:\documents and settings\nathalie\Application Data\uTorrent 2010-07-14 08:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2010-07-11 18:03 . 2010-07-11 18:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-07-11 18:01 . 2010-07-11 18:01 -------- d-----w- c:\program files\Common Files\Skype 2010-07-11 18:01 . 2010-07-11 18:01 -------- d-----r- c:\program files\Skype . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-06 21:43 . 2009-03-26 20:06 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-08-06 21:40 . 2008-04-10 12:36 -------- d-----w- c:\documents and settings\nathalie\Application Data\Skype 2010-08-06 21:12 . 2009-03-26 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-08-06 20:10 . 2008-05-03 11:44 -------- d-----w- c:\documents and settings\nathalie\Application Data\LimeWire 2010-08-06 19:13 . 2008-04-04 20:21 -------- d-----w- c:\documents and settings\nathalie\Application Data\BearShare 2010-08-06 17:46 . 2008-04-04 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-08-06 16:26 . 2008-04-10 12:39 -------- d-----w- c:\documents and settings\nathalie\Application Data\skypePM 2010-07-29 07:35 . 2005-09-13 19:03 -------- d-----w- c:\program files\Common Files\Java 2010-07-29 07:34 . 2005-09-13 19:03 -------- d-----w- c:\program files\Java 2010-07-26 07:28 . 2009-09-25 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-07-26 07:07 . 2008-04-03 14:47 112672 ----a-w- c:\documents and settings\nathalie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-17 03:00 . 2010-05-01 07:27 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-14 09:29 . 2010-04-29 08:38 -------- d-----w- c:\program files\uTorrent 2010-07-11 18:01 . 2008-04-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-07-06 14:56 . 2009-09-11 16:23 -------- d-----w- c:\documents and settings\nathalie\Application Data\HpUpdate 2010-06-28 20:09 . 2008-04-09 11:48 -------- d-----w- c:\program files\HP 2010-06-27 09:25 . 2008-04-25 11:22 -------- d-----w- c:\documents and settings\nathalie\Application Data\HP 2010-06-27 09:23 . 2010-06-27 08:56 119666 ----a-w- c:\windows\hpoins11.dat 2010-06-27 09:10 . 2010-06-27 09:10 -------- d-----w- c:\program files\Common Files\Sonic Shared 2010-06-24 19:12 . 2005-08-19 10:31 534996 ----a-w- c:\windows\system32\perfh013.dat 2010-06-24 19:12 . 2005-08-19 10:31 100020 ----a-w- c:\windows\system32\perfc013.dat 2010-06-14 14:31 . 2005-08-19 01:43 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-05-26 16:00 . 2010-05-26 16:00 503808 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-57a2017c-n\msvcp71.dll 2010-05-26 16:00 . 2010-05-26 16:00 499712 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-57a2017c-n\jmc.dll 2010-05-26 16:00 . 2010-05-26 16:00 348160 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-57a2017c-n\msvcr71.dll 2010-05-26 16:00 . 2010-05-26 16:00 61440 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46b6790b-n\decora-sse.dll 2010-05-26 16:00 . 2010-05-26 16:00 12800 ----a-w- c:\documents and settings\nathalie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46b6790b-n\decora-d3d.dll 2010-05-13 10:31 . 2010-07-26 07:23 225336 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1043.dat 2005-09-14 09:18 . 2005-09-14 09:18 8 --sh--r- c:\windows\system32\6F4823E4A3.sys 2005-09-14 09:18 . 2005-09-14 09:18 5224 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2009-05-04 10:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2010-07-16 10608432] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-30 57344] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248] "RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864] "AGRSMMSG"="AGRSMMSG.exe" [2005-08-24 88203] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-08-17 61440] "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480] "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-09-02 81920] "PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-09-15 139264] "InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-03-25 93640] "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192] c:\documents and settings\nathalie\Menu Start\Programma's\Opstarten\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%ProgramFiles%\\Messenger\\msmsgs.exe"= "%WinDir%\\system32\\fxsclnt.exe"= "%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"= "%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"= "%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"= "%ProgramFiles%\\WIDCOMM\\Bluetooth Software\\BTTray.exe"= "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14/11/2009 21:03 108289] S1 mailKmd;mailKmd; [x] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 16:20 135664] S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [13/09/2005 18:20 799744] S3 STV674;Xtra Digital Camera;c:\windows\system32\drivers\STV674.sys --> c:\windows\system32\drivers\STV674.sys [?] S3 STV674m;Xtra Digital Cameram;c:\windows\system32\drivers\STV674m.sys --> c:\windows\system32\drivers\STV674m.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2010-05-04 17:21 124928 ----a-w- c:\windows\system32\advpack.dll . Inhoud van de 'Gedeelde Taken' map 2010-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-08-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-03 16:08] 2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:20] 2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:20] 2010-08-06 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2010-08-07 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2010-08-07 c:\windows\Tasks\User_Feed_Synchronization-{2FF403DD-E51B-4DC9-AE35-405659F371CE}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 16:36] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.aldi.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm DPF: {D5D487A1-C632-4C61-915C-AE196959EEB2} - hxxp://dbserver.edm.uhasselt.be/competas/info/Competas2005StartV2_0_4_5.cab . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-07 08:44 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1159B246-0933-86DB-AD593C3CB7051897}\{4B332D01-174C-E53B-FFAF1A8AAD861E31}\{3A54BA3C-24AD-210D-6C7EF9C90D2B01E7}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,14,7e,56, ce,c1,92,0d,e5,6e,36,bc,2c,72,f3,97,11,18,1e,db,84,9f,5f,8a,26,cf,6e,bb,96,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{48FFDBC0-65F5-8101-E6A5E6DD5D6987D3}\{27CA9EF6-7C20-BA5C-F1E964FD391A5DCD}\{EF53C495-2C8A-F63D-BE87F6505A64DD38}*] "J6LUTEVR24DWS6LBRK5JBJYX6E1"=hex:01,00,01,00,00,00,00,00,64,ee,da,6f,cf,9a,c5, 9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71AAA611-245D-D09F-882845FC5EAA24CC}\{DFD26894-68B9-4777-FDD1761F9E74CD53}\{F10C9B44-6C01-0B82-830AFBCCD029C402}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,14,7e,56, ce,c1,92,0d,e5,6e,36,bc,2c,72,f3,97,11,18,1e,db,84,9f,5f,8a,26,cf,6e,bb,96,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AB53ABC9-60C7-8B2C-A2AB126EB1F03A59}\{6511FF0A-0202-CA71-9BBA47A5377501DE}\{CE12CB05-B8C7-0E6B-6DC342F04A20B600}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,14,7e,56, ce,c1,92,0d,e5,6e,36,bc,2c,72,f3,97,11,18,1e,db,84,9f,5f,8a,26,cf,6e,bb,96,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6C53DCC-FBE6-A484-895E707488E1192C}\{427B1CEB-CDC7-050B-E6202C9404952D54}\{86A51E58-9B8E-E4EB-26F8074E7F2FD295}*] "J6LUTEVR24DWS6LBRK5JBJYX6E1"=hex:01,00,01,00,00,00,00,00,64,ee,da,6f,cf,9a,c5, 9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC36979A-271C-CB21-250CD586E00814A2}\{8EF4E408-9A98-28EF-CDFA1ACBF6ED5141}\{501B0FF8-8336-4915-6C99805756A8837E}*] "J6LUTEVR24DWS6LBRK5JBJYX6E1"=hex:01,00,01,00,00,00,00,00,64,ee,da,6f,cf,9a,c5, 9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(928) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(520) c:\progra~1\WINDOW~2\wmpband.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe c:\program files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe c:\windows\RTHDCPL.EXE c:\windows\AGRSMMSG.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Voltooingstijd: 2010-08-07 08:52:06 - machine werd herstart ComboFix-quarantined-files.txt 2010-08-07 06:52 Pre-Run: 2.909.974.528 bytes beschikbaar Post-Run: 3.329.200.128 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 0BD5C5C8DC9FB60E9CCBDB73D52BECF1

Hello deze is de nieuwe hijacklog. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:56:19, on 6/08/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17055) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\WINDOWS\UMStor\Res.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Welcome to ALDI R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [instantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124454307790 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219569770625 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D5D487A1-C632-4C61-915C-AE196959EEB2} (Competas 2005 StartButton) - http://dbserver.edm.uhasselt.be/competas/info/Competas2005StartV2_0_4_5.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 12165 bytes en deze is de malware log Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4400 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 6/08/2010 23:38:02 mbam-log-2010-08-06 (23-38-02).txt Scantype: Snelle scan Objecten gescand: 163935 Verstreken tijd: 35 minuut/minuten, 10 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 10 Registerwaarden geïnfecteerd: 1 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully. Hartelijke dank in ieder geval!!

merci heb ik gedaan nu nog zien of het beter gaat.

Explorer ---------- Post toegevoegd om 18:34 ---------- Vorige post was om 18:21 ---------- hallo heel erg bedankt voor het antwoord.Maar helaas gebeurt dit iedere keer als ik mijn pc aanzet dat er een heleboel tekst op mijn pc komt voordat ik op mijn bureaublad kom.Ik denk dat ik ergens iets heb geactiveerd op mijn laptop dat dit iedere keer gebeurt maar wat??? Ik heb in ieder geval eens het kladblok doorgestuurd. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:25:32, on 6/08/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17055) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\UMStor\Res.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Welcome to ALDI R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [instantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Snelstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124454307790 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219569770625 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D5D487A1-C632-4C61-915C-AE196959EEB2} (Competas 2005 StartButton) - http://dbserver.edm.uhasselt.be/competas/info/Competas2005StartV2_0_4_5.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 15637 bytes

Hallo als ik mijn pc opstart komt er eerst een blauw scherm en hele opsomming in witte letters en dat duurt een tijdje.Dan als mijn bureaublad zie en op het icoontje druk van internet start internet op maar krijg ik alleen de blauwe balk bovenaan. Na soms 2 of meerdere keren proberen geraak ik eindelijk op internet.Dus om samen te vatten kan het soms tot een kwartier duren voordat ik op het internet geraak.Wat wel een beetje frusterend is.Ik ga op het internet door powerlines en heb toch een snelle internet bij telenet. En mijn pc werkt ook soms ontzettend langzaam .Ik denk dat er zowat vanalles mis mee is. Ik gebruik mijn laptop veel voor mijn studies en het is ontzettend frustrerend als ik wat vlug vooruit wil. Hartelijke dank!!!!