Ga naar inhoud

Aanbevolen berichten

Geplaatst:

Een hele goede avond. Mijn pc gaat regelmatig in de reboot waarna de melding uw pc is hersteld van een ernstige fout. Ook opent i.e de eerste 5a 10 x niet. Krijg dan een half scherm en poef weer weg. Soms neemt i.e niet eens de moeite om hem te openen ;-(.

Ook de updates blijft hij maar doen opnieuw en opnieuw. Soms wel drie of vier x per dag. Als ik ze uitzet en dan windows update draai zegt hij dat ze weer aanmoeten. Veel programma's lopen vast of traag. Om gek van te worden.

Ik heb al vele dingen geprobeerd via jullie advies bij andere gebruikers. Ik heb malware en cc cleaner al gedraaid maar helpt niks.

Hierbij mij hijack log.Hoop dat jullie er wijs uit worden.

Met vriendelijke groet michel

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:26, on 2012-11-25

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Samsung\AllShare\AllShareAgent.exe

C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Samsung\AllShare\AllShare.exe

C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/

O16 - DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - http://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab

O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 11450 bytes

  • Reacties 24
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Beste reacties in dit topic

Geplaatste afbeeldingen

Geplaatst:

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Geplaatst:

Bedankt voor je reactie.

Helaas is mijn pc niet sneller geworden en i.e is nog traag met openen en soms doet hij niks.

Computers zijn handig maar dan moeten ze wel goed werken. Hierbij mijn logs.

alwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Databaseversie: v2012.11.26.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

michel :: AVENGER [administrator]

2012-11-28 16:13

mbam-log-2012-11-28 (16-13-29).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 284763

Verstreken tijd: 36 minuut/minuten, 31 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

hijack log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:08, on 2012-11-28

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Samsung\AllShare\AllShareAgent.exe

C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\FileHippo.com\UpdateChecker.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"

O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/

O16 - DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - http://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab

O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353920875687

O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 11523 bytes

- - - Updated - - -

Bedankt voor je reactie.

Helaas is mijn pc niet sneller geworden en i.e is nog traag met openen en soms doet hij niks.

Computers zijn handig maar dan moeten ze wel goed werken. Hierbij mijn logs.

alwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Databaseversie: v2012.11.26.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

michel :: AVENGER [administrator]

2012-11-28 16:13

mbam-log-2012-11-28 (16-13-29).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 284763

Verstreken tijd: 36 minuut/minuten, 31 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

hijack log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:08, on 2012-11-28

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Samsung\AllShare\AllShareAgent.exe

C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\FileHippo.com\UpdateChecker.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"

O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/

O16 - DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - http://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab

O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353920875687

O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 11523 bytes

Geplaatst:

Ga naar Start - Alle programma's - Bureauaccesoires.

Zoek het icoon van het opdrachtprompt en klik er op met de rechter muisknop en kies dan in het lijstje voor “uitvoeren als administrator” om het opdrachtprompt te openen.

Tik in: sc stop npggsvc en druk op Enter.

Tik in: sc delete npggsvc en druk op Enter.

Tik in exit en druk Enter.

Als je op een van deze instructies een foutmelding krijgt, ga dan gewoon door met de volgende instructie.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

cf-rc-auto.jpg

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

rc-auto-done.jpg

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Geplaatst:

ik kon de eerste stappen niet doen want krijg in opdrachtprompt een foutmelding. Geen toegang. Maar er stond ook geen administrator bij de opties. Pc is al iets stabieler maar nog traag.

Fijne avond

ComboFix 11-10-15.04 - michel 2011-10-16 17:02:20.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.478 [GMT 2:00]

Gestart vanuit: c:\documents and settings\michel\Bureaublad\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\michel\Application Data\PriceGong

c:\windows\IsUn0413.exe

c:\windows\system32\CF23235.exe

c:\windows\system32\d3d9caps.dat

c:\windows\system32\Thumbs.db

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-16 to 2011-10-16 ))))))))))))))))))))))))))))))

.

.

2011-10-16 14:47 . 2011-10-16 14:47 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54D8E55D-A0D9-4208-901D-1677F91619A5}\MpKsle5acfa5e.sys

2011-10-16 14:47 . 2011-10-16 14:47 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54D8E55D-A0D9-4208-901D-1677F91619A5}\offreg.dll

2011-10-16 14:28 . 2011-10-16 14:31 -------- d--h--r- c:\documents and settings\michel\Onlangs geopend

2011-10-15 23:50 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54D8E55D-A0D9-4208-901D-1677F91619A5}\mpengine.dll

2011-10-11 16:00 . 2011-10-11 16:00 -------- d-----w- c:\documents and settings\michel\Application Data\Alawar

2011-10-11 16:00 . 2011-10-11 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar

2011-10-11 15:36 . 2011-10-11 15:45 -------- d-----w- c:\documents and settings\michel\DoctorWeb

2011-10-11 14:36 . 2011-10-11 14:36 -------- d-----w- c:\program files\Alawar

2011-10-11 14:32 . 2011-10-11 14:32 -------- d-----w- c:\windows\system32\3029

2011-09-30 22:27 . 2011-09-30 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia

2011-09-30 21:40 . 2008-04-13 17:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2011-09-30 21:40 . 2008-04-13 17:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys

2011-09-30 21:40 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

2011-09-30 15:04 . 2011-09-30 15:04 -------- d-----w- c:\documents and settings\michel\Local Settings\Application Data\Nokia

2011-09-30 15:02 . 2011-09-30 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite

2011-09-30 15:02 . 2011-09-30 21:45 -------- d-----w- c:\documents and settings\michel\Application Data\PC Suite

2011-09-30 14:48 . 2011-09-30 14:49 -------- d-----w- c:\program files\Common Files\Nokia

2011-09-30 14:48 . 2011-09-30 14:48 -------- d-----w- c:\program files\DIFX

2011-09-30 14:47 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-09-30 14:47 . 2011-09-30 14:47 -------- d-----w- c:\program files\PC Connectivity Solution

2011-09-30 14:47 . 2011-05-18 08:09 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys

2011-09-30 14:47 . 2011-05-18 08:09 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys

2011-09-30 14:47 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2011-09-30 14:47 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2011-09-30 14:47 . 2011-05-18 08:12 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2011-09-30 14:47 . 2011-05-18 08:13 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll

2011-09-30 14:47 . 2011-05-18 08:13 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll

2011-09-30 14:47 . 2011-05-18 08:12 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2011-09-30 14:47 . 2011-05-18 08:09 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

2011-09-30 14:46 . 2011-05-18 08:13 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2011-09-30 14:44 . 2011-09-30 14:48 -------- d-----w- c:\program files\Nokia

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-22 21:34 . 2011-05-18 03:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-12 23:14 . 2011-01-30 04:55 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-09 09:12 . 2005-10-27 06:15 602624 ----a-w- c:\windows\system32\crypt32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B807D5D-3643-193D-1630-31665D0671EC}]

2004-08-04 12:00 98304 ----a-w- c:\windows\system32\lzz32.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-29 399736]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-02-04 204288]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 17353352]

"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2006-02-09 143360]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"ledpointer"="CNYHKey.exe" [2005-11-10 5585408]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]

"CHotkey"="mHotkey.exe" [2004-12-08 550912]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-09 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-09 40960]

"SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]

"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]

"EaseUs Watch"="c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe" [2011-04-22 69000]

"EaseUs Tray"="c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe" [2011-04-25 733576]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\NetMeeting\\Conf.exe"=

"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"d:\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"d:\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=

"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56685:TCP"= 56685:TCP:Pando Media Booster

"56685:UDP"= 56685:UDP:Pando Media Booster

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-05-22 30600]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-05-22 35720]

R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-05-22 20744]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-03 682232]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-05-22 14216]

R1 MpKsle5acfa5e;MpKsle5acfa5e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54D8E55D-A0D9-4208-901D-1677F91619A5}\MpKsle5acfa5e.sys [2011-10-16 28752]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-10-18 826752]

R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2005-10-04 72320]

R3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2011-05-22 187528]

R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-09-15 38248]

S0 rseb;rseb; [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 MpKsl06290bde;MpKsl06290bde;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E084729C-C12E-4863-96DD-783C9B064068}\MpKsl06290bde.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E084729C-C12E-4863-96DD-783C9B064068}\MpKsl06290bde.sys [?]

S1 MpKsl15a900b7;MpKsl15a900b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D05DB7B6-FD76-401F-BAC4-F8B5E240C62A}\MpKsl15a900b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D05DB7B6-FD76-401F-BAC4-F8B5E240C62A}\MpKsl15a900b7.sys [?]

S1 MpKsl323740df;MpKsl323740df;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87471090-2663-40DA-A169-A9C40DAC6177}\MpKsl323740df.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87471090-2663-40DA-A169-A9C40DAC6177}\MpKsl323740df.sys [?]

S1 MpKsl50ce9ded;MpKsl50ce9ded;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD612A01-A8D7-4854-9FA6-DB84232BFE4E}\MpKsl50ce9ded.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD612A01-A8D7-4854-9FA6-DB84232BFE4E}\MpKsl50ce9ded.sys [?]

S1 MpKsl5e127f68;MpKsl5e127f68;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{95F3EBB6-7DB0-4272-BEF3-DF0289948AC0}\MpKsl5e127f68.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{95F3EBB6-7DB0-4272-BEF3-DF0289948AC0}\MpKsl5e127f68.sys [?]

S1 MpKsl5ea75b65;MpKsl5ea75b65;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C87622D8-2059-4252-B92F-C5CA5F27FF25}\MpKsl5ea75b65.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C87622D8-2059-4252-B92F-C5CA5F27FF25}\MpKsl5ea75b65.sys [?]

S1 MpKsl5ef0f8bd;MpKsl5ef0f8bd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4873960C-9654-47CB-9FEE-3C862A5AF939}\MpKsl5ef0f8bd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4873960C-9654-47CB-9FEE-3C862A5AF939}\MpKsl5ef0f8bd.sys [?]

S1 MpKsl6688438a;MpKsl6688438a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54C0D3A0-3E89-451E-BB7F-A47CD532910C}\MpKsl6688438a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54C0D3A0-3E89-451E-BB7F-A47CD532910C}\MpKsl6688438a.sys [?]

S1 MpKsl7d9464c7;MpKsl7d9464c7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72CA8B5F-45B3-493D-9691-88B353F17B41}\MpKsl7d9464c7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72CA8B5F-45B3-493D-9691-88B353F17B41}\MpKsl7d9464c7.sys [?]

S1 MpKsl83964b2f;MpKsl83964b2f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FE533A6-9FD3-445B-B3D2-BDF4FCA5BD86}\MpKsl83964b2f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FE533A6-9FD3-445B-B3D2-BDF4FCA5BD86}\MpKsl83964b2f.sys [?]

S1 MpKsl94b61bd0;MpKsl94b61bd0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5366143-2E09-4106-99E0-E36AD68FDCA7}\MpKsl94b61bd0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5366143-2E09-4106-99E0-E36AD68FDCA7}\MpKsl94b61bd0.sys [?]

S1 MpKsl96fc4d6c;MpKsl96fc4d6c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF3013F8-87BF-4457-B1F9-44ABF9870ABB}\MpKsl96fc4d6c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF3013F8-87BF-4457-B1F9-44ABF9870ABB}\MpKsl96fc4d6c.sys [?]

S1 MpKsl9a5d4504;MpKsl9a5d4504;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68DF77E8-60A3-49A7-AF08-3E2172EE3A9A}\MpKsl9a5d4504.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68DF77E8-60A3-49A7-AF08-3E2172EE3A9A}\MpKsl9a5d4504.sys [?]

S1 MpKsla8cf63ee;MpKsla8cf63ee;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D0B4695-DF53-488A-AB01-34F851440B57}\MpKsla8cf63ee.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D0B4695-DF53-488A-AB01-34F851440B57}\MpKsla8cf63ee.sys [?]

S1 MpKslbed7ca7f;MpKslbed7ca7f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF3013F8-87BF-4457-B1F9-44ABF9870ABB}\MpKslbed7ca7f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF3013F8-87BF-4457-B1F9-44ABF9870ABB}\MpKslbed7ca7f.sys [?]

S1 MpKslc0eabccb;MpKslc0eabccb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BAECBCB-AD0C-42D6-9E94-92194FCF9F1F}\MpKslc0eabccb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BAECBCB-AD0C-42D6-9E94-92194FCF9F1F}\MpKslc0eabccb.sys [?]

S1 MpKslc10acfe9;MpKslc10acfe9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F3B993AD-E475-47F8-BCFD-5755B454A94B}\MpKslc10acfe9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F3B993AD-E475-47F8-BCFD-5755B454A94B}\MpKslc10acfe9.sys [?]

S1 MpKslc32e3866;MpKslc32e3866;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F87EEF36-718D-4097-A766-0EDBF6D06A38}\MpKslc32e3866.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F87EEF36-718D-4097-A766-0EDBF6D06A38}\MpKslc32e3866.sys [?]

S1 MpKslc720bcbb;MpKslc720bcbb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD612A01-A8D7-4854-9FA6-DB84232BFE4E}\MpKslc720bcbb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD612A01-A8D7-4854-9FA6-DB84232BFE4E}\MpKslc720bcbb.sys [?]

S1 MpKslf5d8ef6d;MpKslf5d8ef6d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0B40BF5-B232-4C64-81B5-E77924D89818}\MpKslf5d8ef6d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0B40BF5-B232-4C64-81B5-E77924D89818}\MpKslf5d8ef6d.sys [?]

S2 EASEUS Agent;EASEUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [2011-05-22 56200]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 136176]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-05-22 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-05-22 8456]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 136176]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-09-30 137600]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-09-30 8576]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2005-10-27 14336]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S4 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MPKSLE5ACFA5E

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2011-10-16 c:\windows\Tasks\Final Media Player Update Checker.job

- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-07-30 13:24]

.

2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 10:28]

.

2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 10:28]

.

2011-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185377507-2953793375-1258475662-1007Core.job

- c:\documents and settings\michel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-26 03:38]

.

2011-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185377507-2953793375-1258475662-1007UA.job

- c:\documents and settings\michel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-26 03:38]

.

2011-10-16 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]

.

2011-10-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]

.

2011-10-15 c:\windows\Tasks\User_Feed_Synchronization-{660099D3-511C-47FB-B782-D9BE78D3ECEF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.telegraaf.nl/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

TCP: DhcpNameServer = 217.149.196.6 217.149.192.6

DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab

DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Catan - c:\windows\IsUn0413.exe

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-16 17:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

EaseUs Tray = "c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe"?????????????????????????????????????????????????????????

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

Voltooingstijd: 2011-10-16 17:14:56

ComboFix-quarantined-files.txt 2011-10-16 15:14

ComboFix2.txt 2009-03-24 14:59

ComboFix3.txt 2009-03-22 15:19

.

Pre-Run: 5,339,930,624 bytes beschikbaar

Post-Run: 25,071,607,808 bytes beschikbaar

.

- - End Of File - - 39C3C88CE217A5B1907E515DF2346085

- - - Updated - - -

Ik heb na de scan van spybot nog niet op fix selected gedrukt. Ik wist niet of dat kan.

groetjes

Geplaatst:

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\system32\GameMon.des

Folder::

c:\windows\system32\3029

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B807D5D-3643-193D-1630-31665D0671EC}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Driver::

rseb

npggsvc

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Geplaatst:

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ComboFix 12-11-30.02 - michel 2012-12-01 0:51.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.548 [GMT 1:00]

Gestart vanuit: c:\documents and settings\michel\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\michel\Bureaublad\CFScript..txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

FILE ::

"c:\windows\system32\GameMon.des"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\1CA73D29.TMP

c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP

c:\documents and settings\michel\Application Data\PriceGong

c:\documents and settings\michel\Application Data\PriceGong\Data\1.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\17624.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\17781.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\2258.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\407.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\4489.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\a.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\b.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\c.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\d.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\e.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\f.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\g.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\h.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\i.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\j.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\k.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\l.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\m.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\michel\Application Data\PriceGong\Data\n.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\o.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\p.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\q.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\r.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\s.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\t.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\u.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\v.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\w.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\x.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\y.txt

c:\documents and settings\michel\Application Data\PriceGong\Data\z.txt

c:\windows\system32\3029

c:\windows\system32\3029\inf3029.dat

c:\windows\system32\fldlckun.exe

c:\windows\system32\Mlkf.dll

c:\windows\system32\SET32.tmp

c:\windows\system32\sqlite3.dll

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_npggsvc

-------\Service_rseb

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-01 to 2012-12-01 ))))))))))))))))))))))))))))))

.

.

2012-11-30 20:02 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0777B5E-9AB9-4131-A5DD-BC8E00583C4E}\mpengine.dll

2012-11-29 22:10 . 2012-11-30 23:40 -------- d--h--r- c:\documents and settings\michel\Onlangs geopend

2012-11-29 21:20 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe

2012-11-29 18:42 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-28 16:36 . 2012-11-28 16:51 -------- d-----w- c:\program files\uTorrent Acceleration Tool

2012-11-28 16:35 . 2012-11-29 21:03 -------- d-----w- c:\program files\Microsoft Silverlight

2012-11-27 13:33 . 2012-11-27 13:33 -------- d-----w- c:\documents and settings\michel\Application Data\DDMSettings

2012-11-27 13:26 . 2012-11-27 13:26 -------- d-----w- c:\program files\Common Files\Skype

2012-11-26 19:57 . 2012-11-26 19:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\vlc

2012-11-26 17:53 . 2012-11-26 19:44 -------- d-----w- c:\program files\TVersity

2012-11-25 16:18 . 2012-11-25 16:18 -------- d-----w- c:\documents and settings\michel\Application Data\NVIDIA

2012-11-25 13:08 . 2012-11-25 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-11-25 13:06 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe

2012-11-25 13:06 . 2012-11-25 13:07 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2012-11-25 12:40 . 2012-11-25 12:41 -------- d-----w- c:\documents and settings\UpdatusUser

2012-11-25 12:37 . 2012-11-25 12:37 1101436 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-11-25 12:37 . 2012-11-25 12:37 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-11-25 12:37 . 2012-11-25 12:37 1101436 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-11-25 12:36 . 2012-09-23 14:28 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll

2012-11-25 12:36 . 2012-09-23 14:28 5947392 ----a-w- c:\windows\system32\nvopencl.dll

2012-11-25 12:36 . 2012-09-23 14:28 1009512 ----a-w- c:\windows\system32\nvdispco32.dll

2012-11-25 12:20 . 2012-11-25 12:20 -------- d-----w- c:\program files\Common Files\Adobe

2012-11-25 12:10 . 2012-11-25 12:10 388096 ----a-r- c:\documents and settings\michel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-25 12:05 . 2012-11-25 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2012-11-25 12:01 . 2012-11-25 12:01 -------- d-----w- c:\program files\FileHippo.com

2012-11-24 12:29 . 2012-11-24 12:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2012-11-24 12:29 . 2012-11-24 12:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2012-11-24 12:29 . 2012-11-24 12:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2012-11-24 12:29 . 2012-11-24 12:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2012-11-24 12:29 . 2012-11-24 12:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2012-11-24 12:29 . 2012-11-24 12:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2012-11-24 12:29 . 2012-11-24 12:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2012-11-24 12:28 . 2012-11-24 12:29 -------- d-----w- c:\program files\QuickTime

2012-11-20 10:02 . 2012-11-20 10:02 -------- d-----w- c:\documents and settings\michel\Application Data\Nuclear Coffee

2012-11-20 10:01 . 2012-11-20 10:01 -------- d-----w- c:\program files\Nuclear Coffee

2012-11-20 09:24 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-20 09:06 . 2012-11-20 09:06 -------- d-----w- c:\program files\Perion

2012-11-20 09:05 . 2012-11-20 09:05 -------- d-----w- c:\program files\Gophoto.it

2012-11-20 09:05 . 2012-11-20 09:10 -------- d-----w- c:\program files\TornTV.com

2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2012-11-06 08:51 . 2012-11-06 08:53 -------- dc-h--w- c:\windows\ie8

2012-11-06 02:17 . 2012-11-06 02:17 -------- d-----w- c:\documents and settings\marjon

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-29 21:58 . 2012-04-05 19:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-29 21:58 . 2011-05-18 03:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-22 19:57 . 2005-10-27 06:15 1866496 ----a-w- c:\windows\system32\win32k.sys

2012-10-20 18:43 . 2012-10-20 18:44 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-20 18:43 . 2012-04-21 10:58 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-20 18:43 . 2012-10-20 18:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-02 18:04 . 2005-10-27 06:15 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-23 14:28 . 2010-01-05 14:58 2578792 ----a-w- c:\windows\system32\nvcuvid.dll

2012-09-23 14:28 . 2010-01-05 14:58 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-09-23 14:28 . 2010-01-05 14:58 7446528 ----a-w- c:\windows\system32\nvcuda.dll

2012-09-23 14:28 . 2010-01-05 14:58 17551360 ----a-w- c:\windows\system32\nvcompiler.dll

2012-09-23 14:28 . 2006-02-16 08:51 2376704 ----a-w- c:\windows\system32\nvapi.dll

2012-09-23 14:28 . 2006-02-16 08:51 19103744 ----a-w- c:\windows\system32\nvoglnt.dll

2012-09-23 14:28 . 2005-09-22 22:21 4494208 ----a-w- c:\windows\system32\nv4_disp.dll

2012-09-23 14:28 . 2005-09-22 22:21 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-09-23 13:04 . 2009-11-20 19:32 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-09-23 13:04 . 2009-11-20 19:32 15512424 ----a-w- c:\windows\system32\nvcpl.dll

2012-09-23 13:04 . 2009-11-20 19:32 164200 ----a-w- c:\windows\system32\nvsvc32.exe

2012-09-23 13:04 . 2009-11-20 19:32 143720 ----a-w- c:\windows\system32\nvcolor.exe

2012-09-23 13:04 . 2009-11-20 19:32 108392 ----a-w- c:\windows\system32\nvmctray.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]

"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\k:\0autocheck autochk *\0ROBoot \??\c:\windows\system32\ASOROSet.bin

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^michel^Menu Start^Programma's^Opstarten^fliptoast.lnk]

path=c:\documents and settings\michel\Menu Start\Programma's\Opstarten\fliptoast.lnk

backup=c:\windows\pss\fliptoast.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^michel^Menu Start^Programma's^Opstarten^ZooskMessenger.lnk]

path=c:\documents and settings\michel\Menu Start\Programma's\Opstarten\ZooskMessenger.lnk

backup=c:\windows\pss\ZooskMessenger.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]

2012-03-01 21:59 285072 ----a-w- c:\program files\Samsung\AllShare\AllShareAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-11-02 06:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-10-11 20:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]

2004-12-08 16:57 550912 -c--a-w- c:\windows\mHotkey.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUCRRun]

2005-10-12 13:44 241664 ----a-w- c:\windows\system32\CmUCREye.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]

2005-01-07 16:30 864256 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]

2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2012-11-01 17:56 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]

1998-11-30 16:04 497376 -c--a-w- c:\windows\p_981116.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 12:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]

2005-11-10 13:41 5585408 -c--a-w- c:\windows\CNYHKey.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-06-17 11:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-09-29 18:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2004-08-04 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2012-09-23 13:04 15512424 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2012-09-23 13:04 108392 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2006-01-11 16:23 15961088 -c--a-w- c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

2004-11-11 16:14 49152 ------w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-11-09 10:27 17877168 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2012-11-22 08:45 968592 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2009-02-04 13:15 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\NetMeeting\\Conf.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=

"c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=

"c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=

"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=

"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=

"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=

"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-03 682232]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-25 1369624]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-05-29 1528672]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-10-18 826752]

R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2005-10-04 72320]

R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-09-15 38248]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-05-08 10064]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 MpKsl336aed30;MpKsl336aed30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0777B5E-9AB9-4131-A5DD-BC8E00583C4E}\MpKsl336aed30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0777B5E-9AB9-4131-A5DD-BC8E00583C4E}\MpKsl336aed30.sys [?]

S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-25 1103392]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-25 168384]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]

S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-12-21 18432]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-09-30 137600]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-09-30 8576]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2005-10-27 14336]

S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:58]

.

2012-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2012-12-01 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-11-25 13:08]

.

2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 10:28]

.

2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 10:28]

.

2012-11-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]

.

2012-11-25 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-25 13:07]

.

2012-11-30 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-11-25 13:07]

.

2012-11-30 c:\windows\Tasks\User_Feed_Synchronization-{660099D3-511C-47FB-B782-D9BE78D3ECEF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.telegraaf.nl/

uInternet Settings,ProxyOverride = *.local

DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab

DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab

DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe

MSConfigStartUp-Sweetpacks Communicator - c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-12-01 01:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_131_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_131_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(1756)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\windows\system32\LckFldService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe

c:\windows\system32\nvsvc32.exe

c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe

c:\progra~1\COMMON~1\X10\Common\x10nets.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\wscntfy.exe

c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

.

**************************************************************************

.

Voltooingstijd: 2012-12-01 01:12:10 - machine werd herstart

ComboFix-quarantined-files.txt 2012-12-01 00:12

ComboFix2.txt 2011-10-16 15:14

ComboFix3.txt 2009-03-24 14:59

ComboFix4.txt 2009-03-22 15:19

.

Pre-Run: 9,832,136,704 bytes beschikbaar

Post-Run: 34,453,565,440 bytes beschikbaar

.

- - End Of File - - 63976439ABE037394182E1FCC8E0C84E

- - - Updated - - -

Het gaat de goede kant op.. pc is heel stil geworden.. gewoon eng :adore:

Geplaatst:
Het gaat de goede kant op.. pc is heel stil geworden.. gewoon eng :adore:
En bedoel je daarmee dat de PC helemaal geen gekke dingen meer doet ?
Geplaatst:

Hij is nog traag maar verder ok. Ik krijg nu heel vaak "runtime error 216 at 5003a116"

ook de error op 217 komt regelmatig voorbij. En mijn pc blijft maar updates binnenhalen. Als ik ze geinstalleerd heb begint de pc ze weer te downloaden. Als ik de vinkjes weg haal dan download de pc gewoon weer andere. en dat blijft maar doorgaan. Zie ook vaak in taakbeheer dat er meerdere wuadt.exe zijn. soms wel drie.

fijn weekend

Geplaatst:

Download TDSSKiller en plaats het op je bureaublad.

Pak de bestanden in tdsskiller.zip uit.

Open de map tdsskiller en dubbelklik op TDSSKiller.exe om de tool te starten.

Windows 7 en Windows Vista gebruikers:

Rechtsklik op TDSSKiller.exe -> Uitvoeren als Administrator om de tool te starten.

Als TDSSKiller bericht geeft van een beschikbare update, dan voer je deze eerst uit.

Klik op de knop "Start Scan" en volg de instructies.

Wanneer de scan klaar is klik je op de knop "Report".

Er opent een kladblokbestand. Post de inhoud van dit bestand.

Herstart de pc als TDSSKiller die optie geeft. (Reboot now)

Wanneer er een herstart nodig was, vind je de logfile in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.