Irregularities, hence a HijackThis log

40 replies
  • Dear experts,

    Yesterday the screen suddenly went blank and I got a message that Windows had stopped because of an error, that I had to restart, and that if this message came up more often I should update the BIOS.
    In addition, AVG regularly reports that Mozilla Firefox is using a lot of memory and that I should close it. Until recently I never got that message.
    Perhaps it has to do with the fact that I had Expat Shield installed for a week, which brought me a lot of advertising and unwanted websites. I removed it afterwards and cleaned up the computer.
    In any case, I would like to ask you to take a look at my HijackThis log, so that I know that it at least is clean.

    Many thanks in advance,

    Diana.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:12:09, on 13-11-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Brownie\BrstsWnd.exe
    C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe
    C:\Program Files\Andrea Electronics\AudioCommander\AEFltrs.exe
    C:\Program Files\Andrea Electronics\VoiceCenter\AndreaVC.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    C:\Program Files\Brownie\brpjp04a.exe
    C:\Program Files\Creative\Software Update 3\SoftAuto.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gebruiker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.expatshield.com/g/?c=h
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
    O4 - HKLM\..\Run: [AudioCommander] "C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe" /tray
    O4 - HKLM\..\Run: [AEFltrs] "C:\Program Files\Andrea Electronics\AudioCommander\AEFltrs.exe" /NoDlg
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Andrea Electronics\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\RunOnce: [JWOSetup] JWOSetup.exe -u
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: PHOTOfunSTUDIO 5.0 HD Edition.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124110007421
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15111/CTPID.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


    End of file - 12733 bytes
  • Hello Diana, given everything you do with your XP machine, how much RAM is installed in your PC?

    I would like you to follow the rules below during the fix:
  • Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Databaseversie: 8158

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    14-11-2011 8:02:13
    mbam-log-2011-11-14 (08-02-13).txt

    Scantype: Snelle scan
    Objecten gescand: 193469
    Verstreken tijd: 3 minuut/minuten, 38 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:08:50, on 14-11-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Brownie\BrstsWnd.exe
    C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe
    C:\Program Files\Andrea Electronics\AudioCommander\AEFltrs.exe
    C:\Program Files\Andrea Electronics\VoiceCenter\AndreaVC.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    C:\Program Files\Creative\Software Update 3\SoftAuto.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Brownie\brpjp04a.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
    O4 - HKLM\..\Run: [AudioCommander] "C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe" /tray
    O4 - HKLM\..\Run: [AEFltrs] "C:\Program Files\Andrea Electronics\AudioCommander\AEFltrs.exe" /NoDlg
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Andrea Electronics\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
    O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: PHOTOfunSTUDIO 5.0 HD Edition.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124110007421
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15111/CTPID.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


    End of file - 11638 bytes


    So what would I be better off not doing with my XP?
    By the way, there is something else odd: when shutting down, two updates get installed. That in itself is not strange, but it happens every few days, as if the updates had failed the previous times.
  • You may now do the following:

  • Abraham54 wrote: "You may now do the following:"

  • How do I get ComboFix onto the desktop?
  • Simply choose your desktop as the download location!
  • Abraham54 wrote: "Simply choose your desktop as the download location!"

    That option is not there. It used to be, but not anymore. If you click one of the links provided, the download starts immediately.
  • If Firefox is your default browser, then FF has a default download location.

    After all, you had to download TDSSKiller first as well…

    So you first move ComboFix from that default download location to your desktop.
    (Move it, that is, don't copy it!)
  • Here it is:

    ComboFix 11-11-14.01 - gebruiker 14-11-2011 13:26:50.21.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1465 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\windows\bwUnin-6.1.4.36-8876480L.exe
    c:\windows\bwUnin-7.2.0.137-8876480SL.exe
    c:\windows\system32\CF14009.exe
    c:\windows\system32\PowerToyReadme.htm
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-10-14 to 2011-11-14 ))))))))))))))))))))))))))))))
    .
    .
    2011-11-14 06:18 . 2011-11-14 06:18 -------- d-----w- c:\windows\LastGood
    2011-11-06 06:50 . 2010-08-27 08:03 119808 ----a-w- c:\windows\system32\t2embed.dll
    2011-10-29 10:52 . 2011-11-14 06:57 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2011-10-27 18:22 . 2011-10-27 18:22 -------- d-----w- c:\program files\Common Files\Java
    2011-10-27 10:47 . 2011-10-27 10:47 -------- d-----w- c:\documents and settings\gebruiker\Application Data\AVG2012
    2011-10-27 10:46 . 2011-10-27 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2011-10-20 10:21 . 2011-11-14 08:01 -------- d-----w- c:\program files\TunnelBear
    2011-10-17 08:28 . 2011-10-17 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2011-10-16 18:47 . 2011-11-14 09:16 -------- d--h--r- c:\documents and settings\gebruiker\Onlangs geopend
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-31 06:19 . 2011-05-19 07:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2005-03-01 20:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-07 05:23 . 2011-01-07 04:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 05:21 . 2011-02-10 05:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-10-03 03:06 . 2010-06-06 07:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 00:37 . 2009-06-19 14:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-28 07:06 . 2005-03-01 20:18 602624 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 09:41 . 2005-03-01 20:20 23040 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-26 09:41 . 2005-03-01 20:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-13 04:30 . 2011-03-16 14:03 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-06 14:09 . 2005-03-01 20:21 1859072 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 15:00 . 2011-06-18 06:03 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-22 23:41 . 2005-03-01 20:21 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:41 . 2005-03-01 20:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:41 . 2005-03-01 20:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:58 . 2005-03-01 20:18 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49 . 2005-03-01 20:17 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-11-10 06:22 . 2011-07-18 05:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2008-04-24 368640]
    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JWOSetup"="JWOSetup.exe -en" [X]
    "SoundMan"="SOUNDMAN.EXE" [2003-12-19 65024]
    "ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
    "AudioCommander"="c:\program files\Andrea Electronics\AudioCommander\AudioCommander.exe" [2008-08-29 888832]
    "AEFltrs"="c:\program files\Andrea Electronics\AudioCommander\AEFltrs.exe" [2008-08-29 741376]
    "VoiceCenter"="c:\program files\Andrea Electronics\VoiceCenter\AndreaVC.exe" [2008-07-31 1134592]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    PHOTOfunSTUDIO 5.0 HD Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-8-4 170480]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0\0\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync
    estart
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^TabUserW.exe.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\TabUserW.exe.lnk
    backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^gebruiker^Menu Start^Programma's^Opstarten^Last.fm Helper.lnk]
    path=c:\documents and settings\gebruiker\Menu Start\Programma's\Opstarten\Last.fm Helper.lnk
    backup=c:\windows\pss\Last.fm Helper.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2007-08-31 10:01 1037736 —-a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-02-16 15:15 221184 —-a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-02-16 15:15 81920 —-a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-26 23:22 421160 —-a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
    2007-08-31 19:13 988584 —-a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2004-04-28 13:10 73728 ——w- c:\program files\Logitech\MediaLife\MediaLifeService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    2003-11-10 14:06 406016 —-a-w- c:\windows\system32\PSDrvCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 15:38 421888 —-a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-10-25 08:03 210472 —-a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
    2005-07-15 21:48 479232 —-a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\\Program Files\\DropUpload\\DropUpLoad.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\GigaTribe\\gigatribe.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4210:TCP"= 4210:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22-2-2011 7:13 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16-3-2011 15:03 32592]
    R0 fasttrak;fasttrak;c:\windows\system32\drivers\fasttrak.sys [11-11-2004 16:52 70656]
    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11-11-2004 16:53 77312]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-1-2011 5:41 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4-4-2011 23:59 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 6:25 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 5:09 192776]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14-4-2011 20:28 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10-2-2011 6:53 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10-2-2011 6:53 16720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
    S2 Nmpdrv_N;Nmpdrv_N USB Controller Service; [x]
    S3 aeaudio2;AE USB Audio Driver2 (WDM);c:\windows\system32\drivers\AEAudio2.sys [21-12-2009 16:18 113664]
    S3 aeaudiol;AE USB Audio Driver-Lower (WDM);c:\windows\system32\drivers\AEAudioL.sys [21-12-2009 16:18 15104]
    S3 EMCR;EMCR;c:\windows\system32\drivers\emcr7sk.sys [11-11-2004 16:52 68224]
    S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [31-10-2008 16:11 23096]
    S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [31-10-2008 16:11 3768]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [21-9-2008 15:19 47360]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [21-9-2008 16:06 223128]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21-9-2008 16:00 642560]
    .
    — Andere Services/Drivers In Geheugen —
    .
    *NewlyCreated* - 30267546
    *Deregistered* - 30267546
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
    .
    2011-11-14 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-16 05:50]
    .
    2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2093061356-4028600207-3804864594-1007Core.job
    - c:\documents and settings\gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-22 17:24]
    .
    2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2093061356-4028600207-3804864594-1007UA.job
    - c:\documents and settings\gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-22 17:24]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
    DPF: {1D185838-009D-47C8-824B-B65B4854430E} - hxxp://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} - hxxp://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\0a42b5n7.Standaardgebruiker\
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e270951&i=23&tp=ab&nt=1&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-14 13:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•¤|ÿÿÿÿ•¤|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'winlogon.exe'(1240)
    c:\windows\system32\Ati2evxx.dll
    .
    Voltooingstijd: 2011-11-14 13:45:23
    ComboFix-quarantined-files.txt 2011-11-14 12:45
    ComboFix2.txt 2011-07-19 18:03
    .
    Pre-Run: 15.750.148.096 bytes beschikbaar
    Post-Run: 15.984.013.312 bytes beschikbaar
    .
    - - End Of File - - 858FE40C1C27EF50789264F4B74689E9
  • That looks fine.

    How is your Windows running now?
    By the way: have you had Norton on your Windows?
  • [quote="Abraham54"]That looks fine.

    How is your Windows running now?
    By the way: have you had Norton on your Windows?[/quote]

    I haven't had any problems since ComboFix.
    I once clicked on Norton by accident along with something else. It's a heavy program, I know.
  • OK, open a new Notepad file via "Start\All Programs\Accessories\Notepad".


    Copy and paste the following (bold, blue text) into the empty Notepad window
  • Here it is:
    ComboFix 11-11-14.01 - gebruiker 14-11-2011 15:13:34.22.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1461 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\gebruiker\Bureaublad\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Norton
    c:\documents and settings\All Users\Application Data\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-10-14 to 2011-11-14 ))))))))))))))))))))))))))))))
    .
    .
    2011-11-06 06:50 . 2010-08-27 08:03 119808 —-a-w- c:\windows\system32\t2embed.dll
    2011-10-29 10:52 . 2011-11-14 06:57 ——– d—–w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2011-10-27 18:22 . 2011-10-27 18:22 ——– d—–w- c:\program files\Common Files\Java
    2011-10-27 10:47 . 2011-10-27 10:47 ——– d—–w- c:\documents and settings\gebruiker\Application Data\AVG2012
    2011-10-27 10:46 . 2011-10-27 10:53 ——– d—–w- c:\documents and settings\All Users\Application Data\AVG2012
    2011-10-20 10:21 . 2011-11-14 08:01 ——– d—–w- c:\program files\TunnelBear
    2011-10-17 08:28 . 2011-10-17 08:28 ——– d—–w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2011-10-16 18:47 . 2011-11-14 14:11 ——– d–h–r- c:\documents and settings\gebruiker\Onlangs geopend
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-31 06:19 . 2011-05-19 07:22 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2005-03-01 20:19 692736 —-a-w- c:\windows\system32\inetcomm.dll
    2011-10-07 05:23 . 2011-01-07 04:41 230608 —-a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 05:21 . 2011-02-10 05:53 16720 —-a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-10-03 03:06 . 2010-06-06 07:14 472808 —-a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 00:37 . 2009-06-19 14:51 73728 —-a-w- c:\windows\system32\javacpl.cpl
    2011-09-28 07:06 . 2005-03-01 20:18 602624 —-a-w- c:\windows\system32\crypt32.dll
    2011-09-26 09:41 . 2008-07-29 17:59 614912 —-a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 09:41 . 2005-03-01 20:20 23040 —-a-w- c:\windows\system32\oleaccrc.dll
    2011-09-26 09:41 . 2005-03-01 20:20 220160 —-a-w- c:\windows\system32\oleacc.dll
    2011-09-13 04:30 . 2011-03-16 14:03 32592 —-a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-06 14:09 . 2005-03-01 20:21 1859072 —-a-w- c:\windows\system32\win32k.sys
    2011-08-31 15:00 . 2011-06-18 06:03 22216 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-22 23:41 . 2005-03-01 20:21 916480 —-a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:41 . 2005-03-01 20:19 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:41 . 2005-03-01 20:19 1469440 ——w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:58 . 2005-03-01 20:18 385024 —-a-w- c:\windows\system32\html.iec
    2011-08-17 13:49 . 2005-03-01 20:17 138496 —-a-w- c:\windows\system32\drivers\afd.sys
    2011-11-10 06:22 . 2011-07-18 05:03 134104 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-14_12.36.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-11-14 14:20 . 2011-11-14 14:20 16384 c:\windows\temp\Perflib_Perfdata_330.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2008-04-24 368640]
    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JWOSetup"="JWOSetup.exe -en" [X]
    "SoundMan"="SOUNDMAN.EXE" [2003-12-19 65024]
    "ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
    "AudioCommander"="c:\program files\Andrea Electronics\AudioCommander\AudioCommander.exe" [2008-08-29 888832]
    "AEFltrs"="c:\program files\Andrea Electronics\AudioCommander\AEFltrs.exe" [2008-08-29 741376]
    "VoiceCenter"="c:\program files\Andrea Electronics\VoiceCenter\AndreaVC.exe" [2008-07-31 1134592]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    PHOTOfunSTUDIO 5.0 HD Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-8-4 170480]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0\0\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync
    estart
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^TabUserW.exe.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\TabUserW.exe.lnk
    backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^gebruiker^Menu Start^Programma's^Opstarten^Last.fm Helper.lnk]
    path=c:\documents and settings\gebruiker\Menu Start\Programma's\Opstarten\Last.fm Helper.lnk
    backup=c:\windows\pss\Last.fm Helper.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2007-08-31 10:01 1037736 —-a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-02-16 15:15 221184 —-a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-02-16 15:15 81920 —-a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-26 23:22 421160 —-a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
    2007-08-31 19:13 988584 —-a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2004-04-28 13:10 73728 ——w- c:\program files\Logitech\MediaLife\MediaLifeService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    2003-11-10 14:06 406016 —-a-w- c:\windows\system32\PSDrvCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 15:38 421888 —-a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-10-25 08:03 210472 —-a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
    2005-07-15 21:48 479232 —-a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\\Program Files\\DropUpload\\DropUpLoad.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\GigaTribe\\gigatribe.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4210:TCP"= 4210:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22-2-2011 7:13 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16-3-2011 15:03 32592]
    R0 fasttrak;fasttrak;c:\windows\system32\drivers\fasttrak.sys [11-11-2004 16:52 70656]
    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11-11-2004 16:53 77312]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-1-2011 5:41 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4-4-2011 23:59 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 6:25 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 5:09 192776]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14-4-2011 20:28 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10-2-2011 6:53 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10-2-2011 6:53 16720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
    S2 Nmpdrv_N;Nmpdrv_N USB Controller Service; [x]
    S3 aeaudio2;AE USB Audio Driver2 (WDM);c:\windows\system32\drivers\AEAudio2.sys [21-12-2009 16:18 113664]
    S3 aeaudiol;AE USB Audio Driver-Lower (WDM);c:\windows\system32\drivers\AEAudioL.sys [21-12-2009 16:18 15104]
    S3 EMCR;EMCR;c:\windows\system32\drivers\emcr7sk.sys [11-11-2004 16:52 68224]
    S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [31-10-2008 16:11 23096]
    S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [31-10-2008 16:11 3768]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [21-9-2008 15:19 47360]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [21-9-2008 16:06 223128]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21-9-2008 16:00 642560]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
    .
    2011-11-14 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-16 05:50]
    .
    2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2093061356-4028600207-3804864594-1007Core.job
    - c:\documents and settings\gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-22 17:24]
    .
    2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2093061356-4028600207-3804864594-1007UA.job
    - c:\documents and settings\gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-22 17:24]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
    DPF: {1D185838-009D-47C8-824B-B65B4854430E} - hxxp://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} - hxxp://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\0a42b5n7.Standaardgebruiker\
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e270951&i=23&tp=ab&nt=1&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-14 15:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•¤|ÿÿÿÿ•¤|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'winlogon.exe'(1240)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(3940)
    c:\windows\system32\tabhook.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\progra~1\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Creative\Shared Files\CTDevSrv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\Tablet.exe
    c:\program files\AVG\AVG2012\avgnsx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-11-14 15:27:25 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-11-14 14:27
    ComboFix2.txt 2011-11-14 12:45
    ComboFix3.txt 2011-07-19 18:03
    .
    Pre-Run: 15.894.847.488 bytes beschikbaar
    Post-Run: 15.904.473.088 bytes beschikbaar
    .
    - - End Of File - - EAE2EB76067DB63520192D7A6E9935DA


    AVG quite often breaks in with allow-or-deny prompts, even though I have turned the scanner off.
  • Good.
    That is now gone from your Windows as well.

    Is everything running properly now?
  • [quote="Abraham54"]Good.
    That is now gone from your Windows as well.

    Is everything running properly now?[/quote]

    Yes, fine. I'm just defragmenting and then it can keep going for a while again. I've had this computer since 2005 with the same Windows installation. Never had to reinstall, thanks to you all! :D :D

    Regards,
    diana
  • Which defragmenter do you use?
  • [quote="Abraham54"]Which defragmenter do you use?[/quote]

    Auslogics.
  • Not bad.

    But O&O recently brought out a free defragmenter as well, which defragments in such a way that frequently used files are placed at the front of the HD - that is Smart-defrag.

    O&O Defrag Free Edition as a 32-bit or 64-bit edition - Download link
  • [quote="Abraham54"]Not bad.

    But O&O recently brought out a free defragmenter as well, which defragments in such a way that frequently used files are placed at the front of the HD - that is Smart-defrag.

    O&O Defrag Free Edition as a 32-bit or 64-bit edition - Download link[/quote]

    I find that site too confusing. I accidentally downloaded the PDF converter, I think, and I can no longer find it on my computer.
    When downloading the defragmenter I got an error message, so I'm giving up on that. Auslogics is good too.
    Thanks!

This is an archived page. Replying is no longer possible.