
bestantivirus2011.exe



The log appeared (without safe mode):

This is what it said:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:26:36, on 24/03/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

C:\Program Files\CA\eTrust Antivirus\InoRT.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Medion Info Display\MdionLCM.exe

C:\WINDOWS\system32\CmUCReye.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe

C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\AVAST Software\Avast\setup\avast.setup

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\MD40323\ICON.EXE

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\ScanWizard 5\ScannerFinder.exe

D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Rainlendar\Rainlendar.exe

K:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: myBabylon English - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"

O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe

O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

O4 - HKLM\..\Run: [instantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [sCM] c:\program files\silver crest memory adapter tools2.93\scma.exe sys_auto_run C:\Program Files\Silver Crest Memory Adapter Tools2.93

O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe

O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [b2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uNILEX] C:\Program Files\Easy Computing\De Grote Encyclopedie '99\tft.exe

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\DE KEYSER Michaël\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spyware Doctor] C:\Documents and Settings\DE KEYSER Michaël\Bureaublad\sdsetup_revwire207.exe -min

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

O4 - Global Startup: 2Mega Camera Manager Monitor.lnk = ?

O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe

O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130364442791

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://D:\Program Files\Land Desktop 3\AcDcToday.ocx

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\Land Desktop 3\AcPreview.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Version Cue CS3 {nl_NL} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Windows Media Player Network Sharing-service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 20334 bytes


Start HijackThis. Select "Scan". Select only the items listed below:

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [b2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan is finished, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.
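
Added example, not part of the original post: one way to confirm from the follow-up HijackThis log that the entries marked for 'Fix checked' are really gone. The function names are hypothetical; the fix list and the log excerpt are copied from this thread, and the final line of `CONSTRUCTED_LOG` is constructed to show a leftover entry.

```python
import re

# Entries the helper asked to fix, copied from the post above.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [b2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"""

# Abridged excerpt of the follow-up log posted later in this thread.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:35:53, on 25/03/2011
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
"""

# Constructed: the same excerpt plus one fix-list entry that survived,
# written with different case and spacing as a re-paste might be.
CONSTRUCTED_LOG = AFTER_LOG + r"""
O2 - BHO:  Conduit Engine - {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
"""

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - "; header and "Running processes" lines do not.
ENTRY_RE = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")


def normalize(line):
    # Forum pastes vary in spacing and case; Windows paths, registry value
    # names and CLSIDs are case-insensitive, so compare casefolded text.
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Map normalized entry -> entry as written, skipping non-entry lines."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries.setdefault(normalize(line), line)
    return entries


def still_present(fix_list, later_log):
    """Return the fix-list entries that still appear in the later log."""
    later = parse_entries(later_log)
    return [line for key, line in parse_entries(fix_list).items() if key in later]


if __name__ == "__main__":
    for name, log in (("follow-up log", AFTER_LOG), ("constructed log", CONSTRUCTED_LOG)):
        left = still_present(FIX_LIST, log)
        print(f"{name}: {len(left)} fix-list entries still present")
        for entry in left:
            print("  " + entry)
```

An entry that shows up again after a reboot means something is rewriting it, so compare against a log taken after the restart, not right after the fix.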


This is the MBAM log:

(Nothing found, but isn't that logical? Before I ended up on this forum I had already run MBAM on my father-in-law's advice, and at that time it removed +/-160 infected folders and files.)

Is another HJT log needed? Or does anyone want to see the MBAM log from the day before yesterday?

Malwarebytes' Anti-Malware 1.50.1.1100

Malwarebytes

Databaseversie: 6164

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

25/03/2011 8:28:00

mbam-log-2011-03-25 (08-28-00).txt

Scantype: Snelle scan

Objecten gescand: 226509

Verstreken tijd: 17 minuut/minuten, 2 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

---------- Post added at 08:32 ---------- Previous post was at 08:28 ----------

In the meantime, I made the HJT log anyway:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:35:53, on 25/03/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

C:\Program Files\CA\eTrust Antivirus\InoRT.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Medion Info Display\MdionLCM.exe

C:\WINDOWS\system32\CmUCReye.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\MD40323\ICON.EXE

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\ScanWizard 5\ScannerFinder.exe

D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Rainlendar\Rainlendar.exe

K:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: myBabylon English - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB0.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"

O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe

O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

O4 - HKLM\..\Run: [instantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [sCM] c:\program files\silver crest memory adapter tools2.93\scma.exe sys_auto_run C:\Program Files\Silver Crest Memory Adapter Tools2.93

O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe

O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uNILEX] C:\Program Files\Easy Computing\De Grote Encyclopedie '99\tft.exe

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\DE KEYSER Michaël\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spyware Doctor] C:\Documents and Settings\DE KEYSER Michaël\Bureaublad\sdsetup_revwire207.exe -min

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

O4 - Global Startup: 2Mega Camera Manager Monitor.lnk = ?

O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe

O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130364442791

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://D:\Program Files\Land Desktop 3\AcDcToday.ocx

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\Land Desktop 3\AcPreview.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Version Cue CS3 {nl_NL} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Windows Media Player Network Sharing-service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 19554 bytes

---------- Post added at 08:37 ---------- Previous post was at 08:32 ----------

And for completeness I'm also including the MBAM log that I made on 23/03:

Malwarebytes' Anti-Malware 1.50.1.1100

Malwarebytes

Databaseversie: 6145

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

23/03/2011 21:54:13

mbam-log-2011-03-23 (21-54-13).txt

Scantype: Snelle scan

Objecten gescand: 226358

Verstreken tijd: 19 minuut/minuten, 40 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 5

Registerwaarden geïnfecteerd: 1

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 5

Bestanden geïnfecteerd: 158

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\REAL\WEATHERBUG\MINIBUGTRANSPORTER.DLL (Adware.Minibug) -> Value: MINIBUGTRANSPORTER.DLL -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

c:\program files\Wav (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.

c:\program files\Wav\Mod8 (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.

c:\program files\Wav\Mod8\F (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.

c:\program files\Wav\Mod9 (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.

c:\program files\Wav\Mod9\F (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

c:\program files\common files\Real\weatherbug\minibugtransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

c:\documents and settings\de keyser michaël\local settings\Temp\keyfinder.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.


And when I left for work yesterday (still before I ended up here with you) I started a full system scan, so not a quick scan. That found 2 more threats as well. MBAM log below:

Malwarebytes' Anti-Malware 1.50.1.1100

Malwarebytes

Databaseversie: 6145

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

24/03/2011 17:40:52

mbam-log-2011-03-24 (17-40-52).txt

Scantype: Volledige scan (C:\|D:\|E:\|)

Objecten gescand: 504114

Verstreken tijd: 3 uur/uren, 49 minuut/minuten, 24 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 2

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

c:\program files\flac to mp3 converter\all2mp3.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\autostretch_hsv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
