
[SOLVED] HijackThis code


Guest Kwinsie


Hello everyone,

Today is my first time on this forum.

I have a problem with my Windows Vista: it is extremely slow, and Windows Explorer often does not work (or is very slow); it even takes up more than 90% of the processor speed. I will give you the HijackThis code. My computer has the Intel Core Duo T7300 processor with 4 GB of RAM. If you need more information about my computer, just let me know.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:03:28, on 12-3-2009

Platform: Windows Vista SP2, v.113 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.16497)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Silvercrest NM1005 driver\StartAutorun.exe

C:\Program Files\Amic Tools\Amic Email Backup\EmailAutoBackup.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Silvercrest NM1005 driver\KMConfig.exe

C:\Program Files\Silvercrest NM1005 driver\KMProcess.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe

C:\Program Files\IncrediMail\bin\ImApp.exe

C:\Users\Roy\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\MioNet\jvm\bin\MioNet.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\Taskmgr.exe

C:\Windows\system32\conime.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK & Ireland

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK & Ireland

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK & Ireland

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Silvercrest NM1005 driver\StartAutorun.exe KMConfig.exe

O4 - HKLM\..\Run: [OEAutoBackup] C:\Program Files\Amic Tools\Amic Email Backup\EmailAutoBackup.exe

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [MioNet] C:\Program Files\MioNet\MioNetLauncher.exe /p

O4 - HKLM\..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Startup: Memeo AutoBackup Launcher.lnk = ?

O8 - Extra context menu item: Add to AMV Converter... - E:\MP3 Player Utilities 4.17\AMVConverter\grab.html

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Silvercrest NM1005 driver\KMWDSrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: MioNet - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 12876 bytes


This log is perfectly clean. To rule out for certain that malware is the cause of your problems, would you please run the following programs as well:

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is checked, then click: Remove Selected.

After removal, a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files, it will show a few messages where you need to click OK.

It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post.

Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply, together with the MBAM log.

Here is the info:

ComboFix 09-03-10.03 - Roy 2009-03-12 13:47:06.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1043.18.3069.1670 [GMT 1:00]

Gestart vanuit: c:\users\Roy\Downloads\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\x64

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-02-12 to 2009-03-12 ))))))))))))))))))))))))))))))

.

2009-03-12 11:14 . 2009-03-12 11:14 <DIR> d-------- c:\users\Roy\AppData\Roaming\Malwarebytes

2009-03-12 11:14 . 2009-03-12 11:14 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-03-12 11:14 . 2009-03-12 11:14 <DIR> d-------- c:\programdata\Malwarebytes

2009-03-12 11:14 . 2009-03-12 11:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-12 11:14 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-03-12 11:14 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-03-12 09:59 . 2009-03-12 09:59 <DIR> d-------- c:\program files\Trend Micro

2009-03-11 21:04 . 2008-04-07 05:38 22,872 -ra------ c:\windows\System32\AdobePDFUI.dll

2009-03-11 15:22 . 2009-02-10 21:29 2,034,176 --a------ c:\windows\System32\win32k.sys

2009-03-07 09:41 . 2009-03-07 09:41 <DIR> d-------- c:\users\All Users\InterVideo

2009-03-07 09:41 . 2009-03-07 09:41 <DIR> d-------- c:\programdata\InterVideo

2009-03-07 09:41 . 2007-03-06 11:58 210,456 --a------ c:\windows\System32\IVIresizeW7.dll

2009-03-07 09:41 . 2007-03-06 11:58 206,360 --a------ c:\windows\System32\IVIresizeA6.dll

2009-03-07 09:41 . 2007-03-06 11:58 198,168 --a------ c:\windows\System32\IVIresizeP6.dll

2009-03-07 09:41 . 2007-03-06 11:58 198,168 --a------ c:\windows\System32\IVIresizeM6.dll

2009-03-07 09:41 . 2007-03-06 11:58 194,072 --a------ c:\windows\System32\IVIresizePX.dll

2009-03-07 09:41 . 2007-03-06 11:58 26,136 --a------ c:\windows\System32\IVIresize.dll

2009-03-07 09:37 . 2009-03-07 09:37 <DIR> d-------- c:\program files\Ulead Systems

2009-03-05 16:55 . 2009-03-05 16:55 3,666,432 --a------ c:\windows\System32\drivers\NETw5v32.sys

2009-03-05 16:55 . 2009-03-05 16:55 2,756,608 --a------ c:\windows\System32\NETw5r32.dll

2009-03-05 16:55 . 2009-03-05 16:55 663,552 --a------ c:\windows\System32\NETw5c32.dll

2009-03-05 16:52 . 2009-03-05 16:52 223,232 --a------ c:\windows\System32\drivers\b57nd60x.sys

2009-03-05 16:47 . 2009-03-05 16:47 172,032 --a------ c:\windows\System32\rixdicon.dll

2009-03-05 16:47 . 2009-03-05 16:47 38,400 --a------ c:\windows\System32\drivers\rixdptsk.sys

2009-03-05 16:42 . 2009-03-05 16:42 46,592 --a------ c:\windows\System32\drivers\rimmptsk.sys

2009-03-05 16:41 . 2009-03-05 16:41 43,008 --a------ c:\windows\System32\drivers\rimsptsk.sys

2009-03-05 16:37 . 2009-03-05 16:37 980,992 --a------ c:\windows\System32\drivers\HSX_DPV.sys

2009-03-05 16:37 . 2009-03-05 16:37 661,504 --a------ c:\windows\System32\drivers\HSX_CNXT.sys

2009-03-05 16:37 . 2009-03-05 16:37 229,376 --a------ c:\windows\System32\UCI32M27.dll

2009-03-05 16:37 . 2009-03-05 16:37 207,872 --a------ c:\windows\System32\drivers\HSXHWAZL.sys

2009-03-05 16:37 . 2009-03-05 16:37 146,036 --a------ c:\windows\System32\drivers\HSFProf.cty

2009-03-05 16:37 . 2009-03-05 16:37 8,704 --a------ c:\windows\System32\drivers\XAudio.sys

2009-03-05 16:12 . 2009-03-05 18:18 <DIR> d-------- c:\program files\Driver Checker

2009-03-05 16:12 . 2008-12-03 17:40 81,408 --a------ c:\windows\System32\devcon_x64.exe

2009-03-05 16:12 . 2002-11-14 22:32 55,808 --a------ c:\windows\System32\devcon.exe

2009-03-02 21:27 . 2009-03-02 21:27 <DIR> d-------- c:\users\Roy\AppData\Roaming\Template

2009-03-02 21:27 . 2009-03-02 21:27 0 --a------ c:\users\Roy\AppData\Roaming\wklnhst.dat

2009-02-26 16:51 . 2009-02-26 16:51 <DIR> d-------- c:\windows\System32\IOSUBSYS

2009-02-22 22:03 . 2009-02-22 22:03 <DIR> d-------- c:\users\Public\Roaming

2009-02-21 14:00 . 2009-03-12 09:19 <DIR> d-------- c:\users\Roy\AppData\Roaming\MAGIX

2009-02-21 14:00 . 2009-02-21 14:00 <DIR> d-------- c:\program files\ProtectDisc Driver Installer

2009-02-21 13:53 . 2009-02-21 14:07 <DIR> d-------- c:\program files\Common Files\MAGIX Shared

2009-02-21 13:45 . 2009-03-12 09:21 <DIR> d-------- c:\users\All Users\MAGIX

2009-02-21 13:45 . 2009-03-12 09:21 <DIR> d-------- c:\programdata\MAGIX

2009-02-21 13:44 . 2009-03-12 09:21 <DIR> d-------- c:\program files\MAGIX

2009-02-18 19:24 . 2009-02-18 19:24 260,724 --ah----- c:\windows\System32\mlfcache.dat

2009-02-18 18:49 . 2009-02-18 18:49 <DIR> d-------- c:\program files\ALDI

2009-02-18 18:48 . 2009-03-12 09:21 <DIR> d-------- c:\windows\System32\MAGIX

2009-02-18 18:48 . 2009-02-18 18:48 <DIR> d-------- c:\program files\ALDI Foto Service

2009-02-18 18:48 . 2007-07-11 11:53 697,560 --a------ c:\windows\System32\mgxoschk.dll

2009-02-18 18:48 . 2007-04-27 10:43 120,200 --a------ c:\windows\System32\DLLDEV32i.dll

2009-02-18 18:48 . 2009-02-21 14:07 6,642 --a------ c:\windows\mgxoschk.ini

2009-02-12 18:23 . 2009-02-12 20:42 <DIR> d-------- c:\users\Roy\AppData\Roaming\Ulead Systems

2009-02-12 18:22 . 2009-02-12 18:22 <DIR> d-------- c:\users\Roy\AppData\Roaming\InstallShield

2009-02-12 18:18 . 2009-02-12 18:18 <DIR> d-------- c:\program files\Common Files\InterVideo

2009-02-12 18:17 . 2009-02-12 18:17 <DIR> d-------- c:\program files\Windows Media Components

2009-02-12 18:13 . 2009-03-07 09:37 <DIR> d-------- c:\users\All Users\Ulead Systems

2009-02-12 18:13 . 2009-03-07 09:37 <DIR> d-------- c:\programdata\Ulead Systems

2009-02-12 18:13 . 2009-03-07 09:40 <DIR> d-------- c:\program files\Common Files\Ulead Systems

2009-02-12 17:19 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll

2009-02-12 16:35 . 2009-02-12 16:35 <DIR> d-------- c:\users\All Users\Pinnacle Studio Ultimate

2009-02-12 16:35 . 2009-02-12 16:35 <DIR> d-------- c:\programdata\Pinnacle Studio Ultimate

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-12 12:55 --------- d-----w c:\program files\MioNet

2009-03-12 11:31 --------- d-----w c:\users\Roy\AppData\Roaming\MioNet

2009-03-12 11:29 --------- d-----w c:\users\Roy\AppData\Roaming\WTablet

2009-03-11 15:55 --------- d-----w c:\programdata\Google Updater

2009-03-11 14:21 --------- d-----w c:\programdata\Microsoft Help

2009-03-07 08:35 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-07 08:10 --------- d---a-w c:\programdata\Temp

2009-03-07 07:39 --------- d-----w c:\program files\Easy Computing

2009-03-05 15:39 --------- d-----w c:\program files\CONEXANT

2009-03-05 15:37 386,560 ----a-w c:\windows\system32\drivers\XAudio.exe

2009-03-05 15:21 --------- d-----w c:\program files\Realtek

2009-03-03 19:15 --------- d-----w c:\users\Roy\AppData\Roaming\U3

2009-02-27 16:23 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-26 15:48 --------- d-----w c:\program files\Google

2009-02-12 16:12 --------- d-----w c:\programdata\Pinnacle

2009-02-12 15:50 --------- d-----w c:\program files\Your Uninstaller 2008

2009-02-09 18:59 --------- d-----w c:\program files\IncrediMail

2009-02-09 18:45 --------- d-----w c:\programdata\IM

2009-02-09 18:43 --------- d-----w c:\programdata\IncrediMail

2009-02-09 18:40 --------- d-----w c:\program files\DAMN NFO Viewer

2009-02-07 13:27 --------- d-----w c:\users\Roy\AppData\Roaming\Serif

2009-02-06 15:54 --------- d-----w c:\program files\Common Files\SupportSoft

2009-02-04 09:48 --------- d-----w c:\programdata\ATI

2009-02-04 09:40 --------- d-----w c:\program files\ATI Technologies

2009-02-03 16:20 --------- d-----w c:\programdata\eDatasecurity

2009-02-03 15:55 73,312 ------w c:\windows\system32\drivers\adfs.sys

2009-02-02 20:43 --------- d-----w c:\program files\Common Files\Adobe

2009-02-02 18:57 --------- d-----w c:\programdata\FLEXnet

2009-02-02 18:28 --------- d-----w c:\programdata\ALM

2009-02-02 17:57 --------- d-----w c:\program files\Common Files\Macrovision Shared

2009-02-01 12:19 --------- d-----w c:\program files\Windows Sidebar

2009-02-01 12:19 --------- d-----w c:\program files\Windows Photo Gallery

2009-02-01 12:19 --------- d-----w c:\program files\Windows Mail

2009-02-01 12:19 --------- d-----w c:\program files\Windows Journal

2009-02-01 12:19 --------- d-----w c:\program files\Windows Calendar

2009-01-30 19:50 --------- d-----w c:\program files\CCleaner

2009-01-30 19:12 --------- d-----w c:\users\Roy\AppData\Roaming\URSoft

2009-01-30 18:34 --------- d-----w c:\program files\PDFCreator Toolbar

2009-01-30 16:37 --------- d-----w c:\program files\Windows Installer Clean Up

2009-01-30 16:36 --------- d-----w c:\program files\MSECACHE

2009-01-30 15:39 --------- d-----w c:\program files\Common Files\Adobe AIR

2009-01-30 15:24 --------- d-----w c:\users\Roy\AppData\Roaming\AdobeSupportAdvisor.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2009-01-30 15:24 --------- d-----w c:\program files\AdobeSupportAdvisor

2009-01-26 15:29 --------- d-----w c:\program files\PDFCreator

2009-01-26 15:25 253,116 ----a-w c:\windows\PDFCreator_Toolbar_Uninstaller_3161.exe

2009-01-24 12:19 --------- d-----w c:\users\Roy\AppData\Roaming\FileZilla

2009-01-24 12:12 --------- d-----w c:\program files\FileZilla FTP Client

2009-01-23 17:08 --------- d-----w c:\program files\Paraben

2009-01-22 13:24 --------- d-----w c:\programdata\NOS

2009-01-22 13:24 --------- d-----w c:\program files\NOS

2009-01-17 17:50 --------- d-----w c:\users\Roy\AppData\Roaming\Nero

2009-01-17 17:50 --------- d-----w c:\programdata\LightScribe

2009-01-17 17:49 --------- d-----w c:\programdata\Nero

2009-01-17 17:49 --------- d-----w c:\program files\Common Files\Nero

2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr

2008-12-28 18:48 603,904 ------w c:\windows\System32\TUProgSt.exe

2008-12-28 18:47 362,240 ------w c:\windows\System32\TuneUpDefragService.exe

2008-11-02 11:42 174 --sha-w c:\program files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-10-17 1233920]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-13 2292672]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-04 251264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-05 6707744]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-07 752400]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]

"KMCONFIG"="c:\program files\Silvercrest NM1005 driver\StartAutorun.exe" [2007-03-06 212992]

"OEAutoBackup"="c:\program files\Amic Tools\Amic Email Backup\EmailAutoBackup.exe" [2006-10-21 91648]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-09-14 648488]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-30 705832]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2008-02-20 32768]

"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

c:\users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Memeo AutoBackup Launcher.lnk - c:\users\Roy\AppData\Roaming\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-11-03 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm

"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk

backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALDI_FotoSuite_Download]

--a------ 2007-01-26 17:43 1167360 c:\program files\ALDI Foto Service\ALDI_Foto_Service\FotoSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

--------- 2007-04-25 15:33 457216 c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]

-ra------ 2008-02-20 14:31 32768 c:\program files\MioNet\MioNetLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"MioNet"=c:\program files\MioNet\MioNetLauncher.exe /p

"Acer Tour Reminder"=c:\acer\AcerTour\Reminder.exe

"WinampAgent"="c:\program files\Winamp\winampa.exe"

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

"Adobe_ID0ENQBO"=c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

"WD Drive Manager"=c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2126244293-3985895264-2861262754-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{086181F3-26DE-4381-8BF7-9CB68B93AF36}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{5BCFA30E-DE6A-4656-AD36-2478A73BC684}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{DDFD763F-5D6E-4285-B87C-F987FFDCC6DE}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{81063C60-F0E5-4313-8EAE-6ACD8596BE31}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{B51B606D-0CCF-405C-946D-E134CB214537}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{565DF334-C2D1-472E-9919-FD4D42ABE33D}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{5921BCC5-215B-40B6-A452-9FAB9BEC63ED}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{20862CD1-B20C-484F-B4A1-1F680670FD08}"= UDP:1700:MioNet Remote Drive Access 0

"{5D9538C7-BC86-42C2-A240-8F98CC13AD62}"= UDP:1701:MioNet Remote Drive Access 1

"{59B9AC3D-AEA7-47AB-BD4C-AEB9241A137C}"= UDP:1702:MioNet Remote Drive Access 2

"{FB74D82A-FAC4-4E00-B3DC-C8A5501E10F1}"= UDP:1703:MioNet Remote Drive Access 3

"{38F7841D-55B7-4163-87FB-DF111844C7E5}"= UDP:1704:MioNet Remote Drive Access 4

"{0D988264-1B39-4E96-A05B-9BF46CD15553}"= UDP:1705:MioNet Remote Drive Access 5

"{14FC38AE-2B84-4A14-B971-2641F84A7C4F}"= UDP:1706:MioNet Remote Drive Access 6

"{F77912F9-DD6A-4F8B-8A14-B475CF38E9BC}"= UDP:1707:MioNet Remote Drive Access 7

"{DC934DBA-C112-4FDF-921E-F05FEEE1627E}"= UDP:1708:MioNet Remote Drive Access 8

"{DB900D06-EDBA-42BF-89A6-1BB77DA1F342}"= UDP:1709:MioNet Remote Drive Access 9

"{29638C82-6743-40DC-89C4-28AB58C9C55C}"= UDP:1641:MioNet Remote Drive Verification

"{09234A4B-C9A1-4E06-BF26-581A842B4FE0}"= UDP:1647:MioNet Storage Device Configuration

"{B01A210E-6526-465C-9F75-1C06411E07B9}"= TCP:5432:MioNet Storage Device Discovery

"{A6030A01-4B9E-4C20-B68D-0EF754BC610F}"= UDP:c:\program files\MioNet\MioNetManager.exe:MioNetManager

"{6BFE0FE5-68BE-478E-8615-EB9ADCB5557E}"= TCP:c:\program files\MioNet\MioNetManager.exe:MioNetManager

"{3889B49C-0BB2-4A71-B12C-498C8D85EA04}"= UDP:c:\program files\MioNet\jvm\bin\MioNet.exe:MioNet

"{0F61A213-47E0-4624-A594-407DD84E0339}"= TCP:c:\program files\MioNet\jvm\bin\MioNet.exe:MioNet

"{D8B7B93D-8E88-4F40-94C5-AE73F070D429}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"TCP Query User{0FA53B4B-EF3F-4495-84D3-E29A77801A57}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{0C1AB5EE-5E40-4C9A-9AC4-3E6930C851B3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{9590280B-CEFB-47DB-A44D-4F100A5AC267}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"UDP Query User{634CD14C-6E2C-49C5-B9B7-CA4DA711CE90}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"{53104D56-5E13-4D43-BAFD-50D0AA512571}"= TCP:67:DHCP Discovery Service

"TCP Query User{5672B25C-F22B-49B1-8355-584A77709D78}c:\\program files\\mionet\\jvm\\bin\\mionet.exe"= UDP:c:\program files\mionet\jvm\bin\mionet.exe:Java Platform SE binary

"UDP Query User{898A2749-9CB7-4C00-835A-D31A2FB7EC90}c:\\program files\\mionet\\jvm\\bin\\mionet.exe"= TCP:c:\program files\mionet\jvm\bin\mionet.exe:Java Platform SE binary

"{1C06E2AB-BE05-4951-8655-92E6F38F5123}"= UDP:5353:Adobe CSI CS4

"{0E425ECA-339E-41AB-A5E6-2EAB7F11B1FD}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{9E29C6AE-408E-464A-A43B-AA7DF08DF493}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{8DAB034A-5EDA-416E-9FE0-BCCE60A652D4}"= UDP:5353:Adobe CSI CS4

"{A1D48D95-4036-4264-AB7C-6EE1C612184F}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{37D02CB3-BDC0-4F61-85C3-D518E4F460B7}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{89797558-1408-4298-A48C-EC95E862665E}"= UDP:3703:Adobe Version Cue CS4 Server

"{6AA57756-5B16-43B9-934C-605669F788C1}"= UDP:3704:Adobe Version Cue CS4 Server

"{72C143F0-4A0E-43E1-A1EE-688370A7C4B3}"= UDP:51000:Adobe Version Cue CS4 Server

"{E8AE1A43-CDFF-426A-B95B-F7C73B364E6E}"= UDP:51001:Adobe Version Cue CS4 Server

"{9A684CC3-6321-40F6-A2ED-76B49BB37CAA}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server

"{C2A12925-BECC-4238-905F-6FB739292A64}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server

"{72A03068-286A-41BA-A1F0-D8232FAB09A0}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{E2E596D1-57D5-432E-A945-55F411F0A943}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{FAF580AA-7E2F-4594-9E22-A87FD6BDCFA0}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{BDDA660D-7BC1-4FAA-B3F0-B36128043903}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"TCP Query User{03F646BE-C4E3-4F5A-AE21-BC6FF8F9A62A}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser

"UDP Query User{BAE651AC-EAF8-445D-957F-9F0039040C91}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser

"TCP Query User{2C42B741-7B1A-4267-8045-9BAE7061F6B7}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{8D97FE31-265A-4319-BE74-6BA3FA2654A8}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{80B300C7-6FD1-4F26-BE60-3E185B7B991B}"= TCP:67:DHCP Discovery Service

"TCP Query User{17C3CD56-1B44-4D32-822B-DC1EACBE917E}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"UDP Query User{5DF5739D-7BF1-4F03-B376-788811F20EAF}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"{8583772A-165B-4586-96D3-C8300B0ACC32}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{24DC044B-F5E7-4D28-A73F-6EF18F1DF2E1}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{D573BCB1-9770-48E4-882D-4822C69BB0B8}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{A58D6059-798D-4704-AD9F-85400224DC9D}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{80C8C19A-5C28-4989-9149-45F16781E320}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{99D1AD78-9C35-473A-864F-3AAA2B05583A}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{6D973F15-7DB8-430C-B952-ED79066AF6A3}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{53FEFC9C-6452-42E8-93F1-8C2DE52BC0AD}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{01917398-CB32-4674-931C-08EE1B38EFF0}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service

"{19BA41CD-9859-4630-899C-7EBB65FE7E96}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-10-19 13:48:51 13560]

R2 acedrv09;acedrv09;c:\windows\System32\drivers\acedrv09.sys [2007-06-18 373568]

R2 acehlp09;acehlp09;c:\windows\System32\drivers\acehlp09.sys [2007-05-30 201696]

R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Silvercrest NM1005 driver\KMWDSrv.exe [2007-06-16 208896]

R2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [2008-02-20 139264]

R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [2008-11-12 1373480]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-28 603904]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2007-07-30 32256]

R3 Ndisrd;WinpkFilter Service;c:\windows\System32\drivers\ndisrd.sys [2008-10-31 23224]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2009-03-05 3666432]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [2008-05-16 11520]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 288112]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2009-03-05 223232]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-02-21 1527900]

S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2009-02-21 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64dcbc99-b192-11dd-a4d0-f0a964b87fc7}]

\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Inhoud van de 'Gedeelde Taken' map

2009-03-12 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 16:28]

2008-12-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-11-02 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-12-20 c:\windows\Tasks\NSSstub.job

- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2008-12-16 18:42]

.

- - - - ORPHANS VERWIJDERD - - - -

ShellIconOverlayIdentifiers-{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} - %SystemRoot%\system32\EhStorShell.dll

MSConfigStartUp-TrayServer - c:\program files\MAGIX\Video_deluxe_2008\TrayServer.exe

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://nl.intl.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! UK & Ireland

IE: Add to AMV Converter... - e:\mp3 player utilities 4.17\AMVConverter\grab.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\i75s88y2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=chrff-brandt_off&type=000129X001US&p=

FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-12 13:58:59

Windows 6.0.6002 Service Pack 2, v.113 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(7988)

c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll

c:\program files\Pure Networks\Network Magic\nmrsrc.dll

.

Voltooingstijd: 2009-03-12 14:01:13

ComboFix-quarantined-files.txt 2009-03-12 13:01:08

Pre-Run: 48.168.439.808 bytes beschikbaar

Post-Run: 48,434,208,768 bytes beschikbaar

360 --- E O F --- 2009-03-11 14:22:15

----------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.34

Database versie: 1840

Windows 6.0.6002 Service Pack 2, v.113

12-3-2009 11:55:31

mbam-log-2009-03-12 (11-55-31).txt

Scan type: Snelle Scan

Objecten gescand: 63497

Verstreken tijd: 27 minute(s), 26 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

--------------------------------------------------

I hope this is of some use to you.

Regards, Roy


That all looks clean. No more malware to be found.

Uninstall Combofix: Start -> Run and type: combofix /u

This will remove Combofix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner again.

It is advisable to delete the existing restore points (there are infected restore points among them that you might otherwise restore) by temporarily turning off System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.
