Vraag & Antwoord

Beveiliging & privacy

Help probleem met smitfraud denk ik

9 antwoorden
  • kan iemand mij helpen? ik krijg gedurende enkele dagen de melding " De bewerkingis geannuleerd van op uw systeem geldende beperkingen. Neem contact op met de systeembeheerder." ik krijg ze als ik mijn configuratiescherm wil openen of als ik iets wil uninstallen. Ik had al gelezen op google dat het te maken heeft met Smitfraud. Maar ik heb geen idee wat ik moet doen Kan iemand mij helpen? Hier vind je de logfile van hijack this Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:00:06, on 19/10/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\explorer.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe C:\Windows\System32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Eigenaar\Application Data\IEMonitor.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Eigenaar\Application Data\IDMan.exe C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.google.be R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Eigenaar\Application Data\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HDD Regenerator] C:\Program Files\HDD Regenerator\HDD Regenerator.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Windows Update] C:\Documents and Settings\Eigenaar\Sjablonen\Server.exe O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Eigenaar\Application Data\IDMan.exe /onboot O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Eigenaar\Application Data\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Eigenaar\Application Data\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Eigenaar\Application Data\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office 2007\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Verzenden naar &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: &Virtueel toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office 2007\Office12\REFIEBAR.DLL O9 - Extra button: URL Adviseur - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206368452921 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c987be2657cb96) (gupdate1c987be2657cb96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 12282 bytes Alvast bedankt
  • Hallo, Je windows is helemaal niet geupdate. Jij werkt nog met SP2 en je moet eigenlijk SP3 hebben geïnstalleerd. Hierdoor is computer kwetsbaar. Sluit alle open vensters. Start HijackThis nog een keer en plaats een vinkje bij de volgende items: [b:9be8f116ae]F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, O4 - HKCU\..\Run: [Windows Update] C:\Documents and Settings\Eigenaar\Sjablonen\Server.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1[/b:9be8f116ae] Klik daarna op "Fix checked" en sluit HijackThis af. Herstart de computer. Voer nu eerst een scan uit met Malwarebytes' Anti-Malware (MBAM). Heb je vandaag reeds een scan uitgevoerd met dit programma dan post je de meest recente log. Deze kan je als volgt vinden: [list:9be8f116ae][*:9be8f116ae]Start Malwarebytes' Anti-Malware (MBAM). [*:9be8f116ae]Klik op het tabblad "[b:9be8f116ae]Logs[/b:9be8f116ae]". Daar vind je een overzicht van de logs gemaakt door MBAM. Deze worden opgeslagen als mbam-log-jaar-maand-dag (uur).txt. [*:9be8f116ae]Kies de meest recente, dubbelklik er op. De logfile opent. [*:9be8f116ae]Post de inhoud van de logfile.[/list:u:9be8f116ae] Heb je Malwarebytes' Anti-Malware (MBAM) reeds op de computer staan en je hebt onlangs (vandaag) geen nieuwe scan uitgevoerd, dan doe je dit: [list:9be8f116ae][*:9be8f116ae]Start MBAM. [*:9be8f116ae]Ga naar het tabblad "[b:9be8f116ae]Update[/b:9be8f116ae]". [*:9be8f116ae]Klik op de knop "[b:9be8f116ae]Controleer op Updates[/b:9be8f116ae]". MBAM maakt nu connectie met de servers om de laatste definities te downloaden en zal deze installeren. [*:9be8f116ae]Ga naar het tabblad "Scanner". [*:9be8f116ae]Selecteer "[b:9be8f116ae]Snelle Scan[/b:9be8f116ae]" en klik op de knop "[b:9be8f116ae]Scan[/b:9be8f116ae]". Malwarebytes' Anti-Malware zal nu de computer scannen. [*:9be8f116ae]Wanneer de scan voltooid is, klik je op [b:9be8f116ae]OK[/b:9be8f116ae], daarna op "Bekijk Resultaten" om de resultaten te zien. [*:9be8f116ae]Wordt er wat gevonden door MBAM, dan zorg ervoor dat daar [b:9be8f116ae]alles aangevinkt is[/b:9be8f116ae] en daarna klik je op: [b:9be8f116ae]Verwijder geselecteerde[/b:9be8f116ae]. [*:9be8f116ae]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. Sta toe dat de computer opnieuw gestart wordt. Doe dit onmiddellijk!! [*:9be8f116ae]Na de herstart start je Malwarebytes' Anti-Malware opnieuw. [*:9be8f116ae]Klik op het tabblad "[b:9be8f116ae]Logs[/b:9be8f116ae]". Daar vind je een overzicht van de logs gemaakt door MBAM. Deze worden opgeslagen als mbam-log-jaar-maand-dag (uur).txt. [*:9be8f116ae]Kies de meest recente, dubbelklik er op. De logfile opent. [*:9be8f116ae]Post de inhoud van de logfile.[/list:u:9be8f116ae] Heb je nog geen scan gedaan met Malwarebytes' Anti-Malware dan volg je deze instructies: [list:9be8f116ae][*:9be8f116ae]Downloadt MBAM (Malwarebytes' Anti-Malware) [url=http://www.besttechie.net/tools/mbam-setup.exe][b:9be8f116ae]hier[/b:9be8f116ae][/url] of [url=http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html][b:9be8f116ae]hier[/b:9be8f116ae][/url]. [*:9be8f116ae]Dubbelklik op [b:9be8f116ae]mbam-setup.exe[/b:9be8f116ae] om de installatie te starten. [*:9be8f116ae]Zorg ervoor dat er een vinkje geplaatst is voor [b:9be8f116ae]Update Malwarebytes' Anti-Malware[/b:9be8f116ae] en [b:9be8f116ae]Start Malwarebytes' Anti-Malware[/b:9be8f116ae]. [*:9be8f116ae]Klik daarna op "Voltooien". [*:9be8f116ae]Indien een update gevonden wordt, zal deze gedownload en geïnstalleerd worden. [*:9be8f116ae]Wanneer het programma volledig up to date is selecteer je het tabblad [b:9be8f116ae]Scanner[/b:9be8f116ae] [*:9be8f116ae]Selecteer "[b:9be8f116ae]Snelle Scan[/b:9be8f116ae]" en klik op de knop "[b:9be8f116ae]Scan[/b:9be8f116ae]". Malwarebytes' Anti-Malware zal nu de computer scannen. [*:9be8f116ae]Het scannen kan een tijdje duren, dus wees geduldig. [*:9be8f116ae]Wanneer de scan voltooid is, klik op op [b:9be8f116ae]OK[/b:9be8f116ae], daarna op "Bekijk Resultaten" om de resultaten te zien. [*:9be8f116ae]Wordt er wat gevonden door MBAM, dan zorg ervoor dat daar [b:9be8f116ae]alles aangevinkt is[/b:9be8f116ae] en daarna klik je op: [b:9be8f116ae]Verwijder geselecteerde[/b:9be8f116ae]. [*:9be8f116ae]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. Sta toe dat de computer opnieuw gestart wordt. Doe dit onmiddellijk!! [*:9be8f116ae]Na de herstart start je Malwarebytes' Anti-Malware opnieuw. [*:9be8f116ae]Klik op het tabblad "[b:9be8f116ae]Logs[/b:9be8f116ae]". Daar vind je een overzicht van de logs gemaakt door MBAM. Deze worden opgeslagen als mbam-log-jaar-maand-dag (uur).txt. [*:9be8f116ae]Kies de meest recente, dubbelklik er op. De logfile opent. [*:9be8f116ae]Post de inhoud van de logfile. [/list:u:9be8f116ae] Start HijackThis opnieuw, maak een nieuwe log en post deze.
  • bedankt ik zal direct eens testen of het werkt :D
  • [b:7c9a2b25df]Dit is de logfile van MBAM[/b:7c9a2b25df] Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4882 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 19/10/2010 18:13:13 mbam-log-2010-10-19 (18-13-13).txt Scantype: Snelle scan Objecten gescand: 143313 Verstreken tijd: 10 minuut/minuten, 59 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 7 Registerwaarden geïnfecteerd: 3 Registerdata geïnfecteerd: 3 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 5 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DARKNESS (Trojan.Backdoor) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\firevall administrating (Trojan.Backdoor) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD (Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\Eigenaar\Local Settings\Temp\sam.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\id.txt (Malware.Trace) -> Quarantined and deleted successfully.
  • [b:72ca97e0d8]Dit is de logfile van hijackthis[/b:72ca97e0d8] Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:27:44, on 19/10/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\HDD Regenerator\HDD Regenerator.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\HDD Regenerator\HDD Regenerator.exe C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\System32\svchost.exe c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.google.be R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HDD Regenerator] C:\Program Files\HDD Regenerator\HDD Regenerator.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office 2007\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Verzenden naar &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: &Virtueel toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office 2007\Office12\REFIEBAR.DLL O9 - Extra button: URL Adviseur - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206368452921 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c987be2657cb96) (gupdate1c987be2657cb96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 11295 bytes
  • Dat is al beter. Download combofix.exe van deze site: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden . ComboFix zal wanneer de Recovery Console niet geïnstalleerd is, voorstellen om deze te downloaden en te installeren. Sta dit toe. Wanneer de Recovery Console geïnstalleerd is, laat je ComboFix de computer scannen. Wanneer ComboFix start, kan het zijn dat je een Error melding krijgt dat de "contents of the ComboFix package has been compromised". Ga niet verder met de instructies, maar download ComboFix opnieuw. Deze melding kan verschijnen wanneer een file-infector (Virut) actief is op de computer. Krijg je deze melding dan meld je dit. Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt). Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
  • [b:bf50831dab]Dit is het log van Combofix[/b:bf50831dab] ComboFix 10-10-18.06 - Eigenaar 19/10/2010 19:06:12.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.510.107 [GMT 2:00] Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\hotfile\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Eigenaar\Application Data\PriceGong c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\1.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\a.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\b.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\c.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\d.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\e.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\f.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\g.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\h.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\i.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\J.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\k.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\l.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\m.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\n.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\o.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\p.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\q.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\r.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\s.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\t.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\u.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\v.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\w.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\x.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\y.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\z.xml c:\program files\MalwareWiped c:\program files\MalwareWiped\ignorelist.dat c:\program files\MalwareWiped\malwarewipe.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSUPDATE -------\Legacy_USNJSVC -------\Service_usnjsvc (((((((((((((((((((( Bestanden Gemaakt van 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))) . 2010-10-19 15:57 . 2010-10-19 15:57 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes 2010-10-19 15:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-19 15:56 . 2010-10-19 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-10-19 15:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-19 15:56 . 2010-10-19 15:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-19 10:21 . 2010-10-19 15:55 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\DMCache 2010-10-19 10:20 . 2010-10-19 10:21 -------- d-----w- c:\program files\Internet Download Manager 2010-10-19 10:20 . 2010-10-19 10:20 3205744 ----a-w- c:\documents and settings\Eigenaar\Application Data\idman519.exe 2010-10-17 18:36 . 2010-10-17 18:38 -------- d-----w- c:\program files\Zoo tycoon 2 2010-10-15 18:24 . 2010-10-15 18:42 -------- d-----w- c:\program files\HDD Regenerator 2010-10-15 18:23 . 2010-10-15 18:23 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Downloaded Installations 2010-10-12 17:02 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys 2010-10-12 17:02 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\dllcache\usbser.sys 2010-10-12 17:02 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-10-12 16:59 . 2010-10-12 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite 2010-10-12 16:58 . 2010-10-12 16:58 -------- d-----w- c:\program files\Common Files\PCSuite 2010-10-12 16:57 . 2010-10-12 16:58 -------- d-----w- c:\program files\Common Files\Nokia 2010-10-12 16:57 . 2010-10-12 16:58 -------- d-----w- c:\program files\DIFX 2010-10-12 16:56 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2010-10-12 16:55 . 2010-10-12 16:55 -------- d-----w- c:\program files\PC Connectivity Solution 2010-10-12 16:54 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys 2010-10-12 16:53 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys 2010-10-12 16:53 . 2009-02-09 06:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys 2010-10-12 16:53 . 2009-02-09 06:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll 2010-10-12 16:53 . 2009-02-09 06:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys 2010-10-12 16:53 . 2009-02-09 06:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll 2010-10-12 16:53 . 2010-10-12 16:58 -------- d-----w- c:\program files\Nokia 2010-10-12 16:49 . 2010-10-12 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations 2010-10-10 14:51 . 2010-10-10 14:53 -------- d-----w- c:\program files\CardRecovery 2010-10-06 16:17 . 2010-10-19 16:35 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend 2010-10-06 15:06 . 2010-10-06 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData 2010-10-06 15:00 . 2010-10-09 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe 2010-09-29 15:01 . 2009-02-05 08:53 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-09-29 14:56 . 2010-09-29 14:56 -------- d-----w- c:\program files\Intel 2010-09-29 14:55 . 2010-09-29 14:55 -------- d-----w- C:\Intel 2010-09-29 14:51 . 2010-09-29 17:25 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Uniblue 2010-09-29 14:51 . 2010-09-29 16:44 -------- d-----w- c:\program files\Uniblue 2010-09-29 14:51 . 2010-09-29 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner 2010-09-29 14:49 . 2010-09-29 16:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5} 2010-09-29 13:33 . 2010-09-29 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2010-09-27 07:13 . 2010-09-27 07:13 -------- d-----w- c:\program files\7-Zip 2010-09-23 18:23 . 2010-10-10 15:09 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Conduit 2010-09-23 18:23 . 2010-10-10 15:10 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\DVDVideoSoftTB 2010-09-23 18:23 . 2010-09-23 18:23 -------- d-----w- c:\program files\Conduit 2010-09-23 18:23 . 2010-09-23 18:23 -------- d-----w- c:\program files\DVDVideoSoftTB 2010-09-23 17:34 . 2010-09-23 17:34 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers 2010-09-23 17:19 . 2010-09-23 18:33 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\MP-Manager 2010-09-23 17:17 . 2010-09-23 17:17 -------- d-----w- c:\program files\MPMAN . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288] "SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-08-13 67960] "Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-08-16 1877272] "Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2007-08-16 1269000] "Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-08-16 9495832] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808] "hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528] "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-09-01 340520] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "HDD Regenerator"="c:\program files\HDD Regenerator\HDD Regenerator.exe" [2010-09-03 2425104] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-6-2 565309] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-6-7 450560] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFolderInfo"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\docume~1\ALLUSE~1\AVP9\mzvkbd3.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0smrgdf c:\program files\iolo\System Mechanic Professional 6\\0SsiEfr.e [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^MagicDisc.lnk] backup=c:\windows\pss\MagicDisc.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^PowerReg Scheduler.exe] backup=c:\windows\pss\PowerReg Scheduler.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^tempdeleter.lnk] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] 2004-06-01 10:46 196608 ------w- c:\program files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] 2004-06-01 09:09 458752 ------w- c:\program files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-01-31 21:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart] 2007-09-15 01:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" /background "Instant Access"=rundll32.exe EGDACCESS_1068.dll,InstantAccess "ctfmon.exe"=c:\windows\system32\ctfmon.exe "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "eabconfg.cpl"=c:\program files\HPQ\Quick Launch Buttons\EabServr.exe /Start "Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe "LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe "MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\javaws.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe"= "c:\\StubInstaller.exe"= "c:\\Program Files\\Cossacks - The Art Of War\\dmcr.exe"= "c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"= "c:\\SPELLEKES\\{PC Game} Star Wars Galactic Battlegrounds\\Stwars_Galactic_Battlegrounds\\Game\\Battlegrounds.exe"= "c:\\Documents and Settings\\Eigenaar\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\SPELLEKES\\age of empires\\age2_x1.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\OpenTTD\\openttd.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"= "c:\\Program Files\\Paradox Entertainment\\Victoria\\Victoria.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [6/09/2010 2:19 169408] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14:42 32272] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 19:39 19472] S2 gupdate1c987be2657cb96;Google Update Service (gupdate1c987be2657cb96);c:\program files\Google\Update\GoogleUpdate.exe [5/02/2009 20:18 133104] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [30/04/2004 15:35 24832] S3 c95af3a9-cdfa-4c5f-862e-40a3146b7d2c;c95af3a9-cdfa-4c5f-862e-40a3146b7d2c;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?] . Inhoud van de 'Gedeelde Taken' map 2010-10-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-YOUR-FFACC82D80-Eigenaar.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-28 23:25] 2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 18:18] 2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 18:18] 2010-09-30 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2010-09-29 07:03] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mWindow Title = www.google.be uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\Microsoft Office 2007\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\documents and settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\ou5wz9uq.Standaardgebruiker\ FF - prefs.js: browser.startup.homepage - www.google.be FF - component: c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\ou5wz9uq.Standaardgebruiker\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll FF - component: c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\ou5wz9uq.Standaardgebruiker\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - plugin: c:\docume~1\Eigenaar\APPLIC~1\PowerChallenge\nppowerloader.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . ------- Bestandsassociaties ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS VERWIJDERD - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe AddRemove-Cossacks - The Art of War Demo - c:\progra~1\Cossacks - The Art of War Demo\UNWISE.EXE AddRemove-Quake III Arena - c:\program files\Quake III Arena\QIII.isu . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-3805080461-1517801316-570759719-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:d6,47,a3,2a,47,07,2b,9e,ed,db,9f,bb,3c,3d,41,eb,28,f1,ba,3a,4c,7f,d2, d5,32,73,b5,0f,ef,6b,45,f3,0f,35,78,2d,e7,78,64,57,d4,38,48,43,06,17,b3,d6,\ "??"=hex:69,18,09,69,1e,36,36,88,0f,b3,0a,6f,73,81,fc,c7 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(452) c:\windows\system32\Ati2evxx.dll c:\windows\system32\WRLogonNTF.dll - - - - - - - > 'explorer.exe'(7464) c:\program files\Logitech\MouseWare\System\LgWndHk.dll c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\UAService7.exe c:\program files\Logitech\MouseWare\system\em_exec.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Brother\Brmfcmon\BrMfimon.exe c:\program files\Uniblue\SpeedUpMyPC\sump.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\program files\HPQ\SHARED\HPQWMI.exe c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe . ************************************************************************** . Voltooingstijd: 2010-10-19 19:43:47 - machine werd herstart ComboFix-quarantined-files.txt 2010-10-19 17:43 Pre-Run: 15 559 880 704 bytes beschikbaar Post-Run: 15 574 396 928 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=N2VPJK /Kernel=TUKernel.exe multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=N2VPJK-BAK - - End Of File - - E7A1D0E07E74C31C8B837F53ED3EA77E
  • [b:cc4d86cfbd]Dit is het logfile van hijackthis[/b:cc4d86cfbd] Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:47:46, on 19/10/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\HDD Regenerator\HDD Regenerator.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\HDD Regenerator\HDD Regenerator.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HDD Regenerator] C:\Program Files\HDD Regenerator\HDD Regenerator.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office 2007\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Verzenden naar &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: &Virtueel toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office 2007\Office12\REFIEBAR.DLL O9 - Extra button: URL Adviseur - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206368452921 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c987be2657cb96) (gupdate1c987be2657cb96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 10827 bytes
  • ik denk dat het is gelukt configuratiescherm kan terug geopend worden. en die stomme melding komt niet meer :D

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.