Mouse freezes for a while when selecting a command



zerufaar
17 September 2010, 13:40
PC details:

Pentium 4 3.4 GHz
512 Mb
Windows XP Home SP3

I have already cleaned up my PC with:

CCleaner, Malwarebytes Anti-Malware, Spybot Search and Destroy, Smart Defrag, and scanned with AntiVir.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:34:29, on 17/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FortiSslvpnDaemon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\utorrent.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240780459375
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2.be/mailconfig/config/bin/AccountHelper.cab
O16 - DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} (fortisslvpn Class) - https://utexbel.teleworking.belgacom.be/sslvpn.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 {nl_NL} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 9786 bytes

Jelle
17 September 2010, 18:26
Just for information: this post was copied from this topic (http://www.minatica.be/threads/70991-Muis-komt-tijdje-vast-te-zitten-bij-selecteren-commando) :)

Woudje100
18 September 2010, 19:01
Hello,

Disable TeaTimer (Spybot S&D)


Start Spybot-S&D
Go to the menu and select "Advanced mode"
On the left-hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and click "OK" at each prompt



Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
Some scanners see certain components that ComboFix uses as suspicious and will block or remove them!

Double-click Combofix.exe to start it.
If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the small "NirCmd" window.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after a restart, the log Combofix.txt will open.

Post this log in your next reply.

Woudje100

zerufaar
20 September 2010, 15:27
Resident TeaTimer was disabled.

Here is the ComboFix log:

ComboFix 10-09-19.03 - Eigenaar 20/09/2010 15:08:02.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.511.251 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-08-20 to 2010-09-20 ))))))))))))))))))))))))))))))
.
2010-09-16 12:39 . 2010-09-20 12:54 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
2010-09-15 12:08 . 2010-09-15 12:08 -------- d-----w- c:\program files\piPOol
2010-09-08 19:01 . 2010-09-08 19:01 -------- d-----w- c:\program files\Nero
2010-09-08 15:05 . 2010-09-08 15:05 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Nero_AG
2010-09-08 15:02 . 2010-09-08 17:51 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Nero
2010-09-08 14:41 . 2010-09-08 14:41 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Nero
2010-09-08 14:25 . 2010-09-08 14:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2010-09-08 12:54 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-09-08 12:54 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-09-08 12:54 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-09-08 12:54 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-09-08 12:54 . 2010-09-08 12:54 -------- d-----w- c:\windows\Logs
2010-09-08 12:53 . 2010-09-08 14:20 -------- d-----w- c:\windows\SxsCaPendDel
2010-09-03 19:15 . 2010-09-16 21:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-09-03 19:15 . 2010-09-08 11:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-03 19:11 . 2010-09-16 21:12 -------- d-----w- c:\program files\SpywareBlaster
2010-09-03 19:09 . 2010-09-03 19:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-02 06:22 . 2009-03-09 13:01 510496 ----a-w- c:\windows\system32\FortiSslvpnDaemon.exe
2010-08-27 21:23 . 2010-08-27 21:23 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\IObit
2010-08-27 21:23 . 2010-08-27 21:23 -------- d-----w- c:\program files\IObit
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 13:20 . 2009-05-01 21:06 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\uTorrent
2010-09-20 12:59 . 2009-04-26 22:44 87848 ----a-w- c:\windows\system32\perfc013.dat
2010-09-20 12:59 . 2009-04-26 22:44 503184 ----a-w- c:\windows\system32\perfh013.dat
2010-09-20 12:42 . 2009-05-04 19:21 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-09-16 20:43 . 2009-09-26 14:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-16 12:24 . 2009-05-01 20:39 -------- d-----w- c:\program files\CCleaner
2010-09-09 09:04 . 2002-12-31 22:10 -------- d-----w- c:\program files\ScanWizard 5
2010-09-08 19:01 . 2004-10-06 01:06 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-01 17:39 . 2009-05-01 20:40 -------- d-----w- c:\program files\uTorrent
2010-08-17 13:17 . 2009-04-26 22:43 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 18:58 . 2010-08-13 22:53 -------- d-----w- c:\program files\PCPitstop
2010-08-15 18:58 . 2010-08-13 22:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PCPitstop
2010-08-15 18:57 . 2010-08-15 18:57 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-15 18:57 . 2010-08-15 18:57 -------- d-----w- c:\program files\Trend Micro
2010-08-15 18:28 . 2010-08-15 08:50 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-15 18:25 . 2009-04-22 22:06 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-15 18:24 . 2010-08-15 18:24 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-08-15 18:24 . 2010-08-15 18:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-08-15 18:24 . 2010-08-15 18:24 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-08-15 16:22 . 2010-08-15 16:22 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-15 08:50 . 2010-08-15 08:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
2010-08-14 12:00 . 2004-10-06 00:26 17408 ----a-w- c:\windows\system32\drivers\usbcrft.sys
2010-08-13 21:44 . 2009-05-02 15:51 -------- d-----w- c:\program files\Bonjour
2010-08-13 18:31 . 2010-08-13 18:31 -------- d-----w- c:\program files\CodeStuff
2010-08-12 22:36 . 2009-10-05 21:07 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Media Player Classic
2010-08-12 22:09 . 2010-08-12 21:47 -------- d-----w- c:\program files\Windows Defender
2010-08-12 21:44 . 2010-08-12 21:44 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-12 21:42 . 2010-08-12 21:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Hitman Pro
2010-08-12 21:42 . 2010-08-12 21:42 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-12 21:30 . 2010-08-12 21:30 163561 ----a-w- c:\windows\Audio Converter Pro Uninstaller.exe
2010-08-12 21:30 . 2009-05-01 19:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\River Past G5
2010-08-12 21:30 . 2009-12-28 20:13 -------- d-----w- c:\program files\Common Files\River Past
2010-08-12 21:14 . 2009-09-16 13:46 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Apple Computer
2010-08-12 21:14 . 2004-10-05 23:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-12 21:14 . 2009-05-13 14:30 -------- d-----w- c:\program files\Home Cinema
2010-08-12 19:45 . 2009-06-17 18:39 -------- d-----w- c:\program files\Crawler
2010-08-12 19:42 . 2010-08-05 12:38 -------- d-----w- c:\program files\PcCloneEX
2010-08-05 20:16 . 2004-10-24 11:34 -------- d-----w- c:\program files\Common Files\Java
2010-08-05 20:15 . 2004-10-24 11:34 -------- d-----w- c:\program files\Java
2010-08-05 13:39 . 2009-04-26 21:09 141176 ----a-w- c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-05 12:38 . 2010-08-05 12:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FNET
2010-08-05 12:38 . 2010-08-12 19:42 2972672 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\FNET\PcCloneEX\Uninstall.exe
2010-08-04 16:34 . 2010-08-04 16:33 -------- d-----w- c:\program files\RescuePRO Deluxe
2010-08-04 16:32 . 2010-08-04 16:34 286720 ----a-w- c:\windows\iun507.exe
2010-08-04 13:54 . 2010-08-04 13:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MYPCTuneUp
2010-08-04 12:40 . 2010-08-04 12:40 503808 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4db4e6d7-n\msvcp71.dll
2010-08-04 12:40 . 2010-08-04 12:40 12800 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4d5ced84-n\decora-d3d.dll
2010-08-04 12:40 . 2010-08-04 12:40 499712 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4db4e6d7-n\jmc.dll
2010-08-04 12:40 . 2010-08-04 12:40 61440 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4d5ced84-n\decora-sse.dll
2010-08-04 12:40 . 2010-08-04 12:40 348160 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4db4e6d7-n\msvcr71.dll
2010-07-22 15:46 . 2009-04-26 22:43 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-05-16 19:51 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-07 11:46 . 2009-04-27 20:00 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:33 . 2009-04-26 22:43 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2009-04-26 22:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2009-04-26 22:43 1852032 ----a-w- c:\windows\system32\win32k.sys
2009-06-08 15:09 . 2009-06-08 15:09 4575552 ----a-w- c:\program files\OutlookConnector.exe
2009-05-03 13:44 . 2009-05-03 13:42 16976752 ----a-w- c:\program files\IE8-WindowsXP-x86-NLD.exe
2009-05-03 13:22 . 2009-05-03 13:22 1091264 ----a-w- c:\program files\oggcodecs_0.81.15562-win32.exe
2009-05-01 20:20 . 2009-05-01 20:20 243204 ----a-w- c:\program files\unlocker1.8.7.exe
2009-05-01 19:25 . 2009-05-01 19:25 1306687 ----a-w- c:\program files\remote_x10_dx.exe
2009-05-01 16:00 . 2009-05-01 16:00 30075904 ----a-w- c:\program files\avira_antivir_personal_en.exe
2009-04-30 21:25 . 2009-04-30 21:25 2585872 ----a-w- c:\program files\WindowsInstaller-KB893803-v2-x86.exe
2009-03-07 11:39 . 2009-05-04 19:18 97 ----a-w- c:\program files\Spyware Doctor License Code.txt
2009-03-04 04:44 . 2009-05-04 19:18 18190616 ----a-w- c:\program files\sdasetup.exe
2002-06-04 07:59 . 2002-06-04 07:59 204800 ----a-w- c:\program files\Restoration.exe
2002-06-04 07:53 . 2002-06-04 07:53 8127 ----a-w- c:\program files\README.txt
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\
æTorrent.lnk - c:\program files\uTorrent\utorrent.exe [2009-5-1 328568]
c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2009-9-19 339968]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [30/12/2009 18:34 902432]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [30/12/2009 18:34 2326920]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/05/2009 18:02 108289]
R2 FortiSslvpnDaemon;FortiSslvpnDaemon;c:\windows\system32\FortiSslvpnDaemon.exe [2/09/2010 8:22 510496]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [30/12/2009 18:34 159168]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [6/10/2004 1:38 1287296]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [23/10/2004 14:49 24704]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [9/03/2009 15:01 36384]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [6/10/2004 2:27 19928]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS --> c:\windows\system32\drivers\FNETURPX.SYS [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]
S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\usbcrft.sys [6/10/2004 2:26 17408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
2010-08-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2010-09-16 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2010-09-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2010-09-20 c:\windows\Tasks\User_Feed_Synchronization-{DA800A99-758F-4427-B51E-B27D91B0DBE9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-09-20 c:\windows\Tasks\User_Feed_Synchronization-{ED978EBE-5B95-496F-96BC-BDB0F0990D01}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2.be/mailconfig/config/bin/AccountHelper.cab
DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} - hxxps://utexbel.teleworking.belgacom.be/sslvpn.cab
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-20 15:17
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2010-09-20 15:22:16
ComboFix-quarantined-files.txt 2010-09-20 13:22
ComboFix2.txt 2010-08-28 09:14
Pre-Run: 15.050.989.568 bytes beschikbaar
Post-Run: 16.636.559.360 bytes beschikbaar
- - End Of File - - 9485D92E1D4C92268077E4E8C70F2407

Woudje100
20 September 2010, 18:40
Hello,

Are you using the paid version of Hitman Pro?
If not, go to Start --> Control Panel --> Add or Remove Programs and remove HitmanPro there


Also post an uninstall log:
start HijackThis,
click the Open the Misc Tools section button,
click the Open Uninstall Manager button,
click the Save button.



Woudje100

zerufaar
21 September 2010, 11:41
Strange that you ask to remove HitmanPro.
I already removed this program a few weeks ago.
Indeed, it no longer appears in my software list.


Here is the uninstall log:

ABBYY FineReader 6.0 Sprint
ABBYY FineReader OCR Engine for ScanWizard
Acronis True Image Home
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Creative Suite 3 Design Premium
Adobe Creative Suite 3 Design Premium toevoegen of verwijderen
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.4
Adobe Setup
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Audacity 1.2.6
AutoCAD 2009 - English
Avira AntiVir Personal - Free Antivirus
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB968816)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player (KB975558)
Beveiligingsupdate voor Windows Media Player (KB978695)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows XP (KB2079403)
Beveiligingsupdate voor Windows XP (KB2115168)
Beveiligingsupdate voor Windows XP (KB2121546)
Beveiligingsupdate voor Windows XP (KB2160329)
Beveiligingsupdate voor Windows XP (KB2229593)
Beveiligingsupdate voor Windows XP (KB2259922)
Beveiligingsupdate voor Windows XP (KB2286198)
Beveiligingsupdate voor Windows XP (KB2347290)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB923789)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956744)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB958869)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB963027)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971468)
Beveiligingsupdate voor Windows XP (KB971486)
Beveiligingsupdate voor Windows XP (KB971557)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973346)
Beveiligingsupdate voor Windows XP (KB973354)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973525)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
Beveiligingsupdate voor Windows XP (KB975560)
Beveiligingsupdate voor Windows XP (KB975561)
Beveiligingsupdate voor Windows XP (KB975562)
Beveiligingsupdate voor Windows XP (KB975713)
Beveiligingsupdate voor Windows XP (KB977165)
Beveiligingsupdate voor Windows XP (KB977816)
Beveiligingsupdate voor Windows XP (KB977914)
Beveiligingsupdate voor Windows XP (KB978037)
Beveiligingsupdate voor Windows XP (KB978251)
Beveiligingsupdate voor Windows XP (KB978262)
Beveiligingsupdate voor Windows XP (KB978338)
Beveiligingsupdate voor Windows XP (KB978542)
Beveiligingsupdate voor Windows XP (KB978601)
Beveiligingsupdate voor Windows XP (KB978706)
Beveiligingsupdate voor Windows XP (KB979309)
Beveiligingsupdate voor Windows XP (KB979482)
Beveiligingsupdate voor Windows XP (KB979559)
Beveiligingsupdate voor Windows XP (KB979683)
Beveiligingsupdate voor Windows XP (KB980195)
Beveiligingsupdate voor Windows XP (KB980218)
Beveiligingsupdate voor Windows XP (KB980232)
Beveiligingsupdate voor Windows XP (KB980436)
Beveiligingsupdate voor Windows XP (KB981322)
Beveiligingsupdate voor Windows XP (KB981852)
Beveiligingsupdate voor Windows XP (KB981997)
Beveiligingsupdate voor Windows XP (KB982214)
Beveiligingsupdate voor Windows XP (KB982665)
Beveiligingsupdate voor Windows XP (KB982802)
BlueSoleil
Canon iP4200
Canon Setup Utility 2.0
CCleaner
CD-LabelPrint
C-Media High Definition Audio Driver
CodeStuff Starter
Combined Community Codec Pack 2008-01-24
Corel Applications
DirectShow .SHN FIlter
Essentiële update voor Windows Media Player 11 (KB959772)
Generic USB CardReader 2.0
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB942288-v3)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB961118)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Hotfix voor Windows XP (KB979306)
Hotfix voor Windows XP (KB981793)
IrfanView (remove only)
Java(TM) 6 Update 21
LAME v3.98.2 for Audacity
Malwarebytes' Anti-Malware
MediaShow 3.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Editie 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft SOAP Toolkit 3.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MioMore Desktop 2008
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Nero 7 Premium
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OGA Notifier 1.7.0105.35.0
Ogg Codecs 0.81.15562
PDF Settings
PowerCinema 3.0
PowerDirector
PowerDVD
PowerProducer
PowerQuest PartitionMagic 8.0
QuickTime
RescuePRO Deluxe 4.0
River Past Audio Converter Pro
RT2500 USB Wireless LAN Card
ScanWizard 5
Smart Defrag
Spybot - Search & Destroy
SpywareBlaster 4.4
System Requirements Lab
Tabletennis Matches
Unlocker 1.8.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update voor Windows Internet Explorer 8 (KB976662)
Update voor Windows Internet Explorer 8 (KB976749)
Update voor Windows Internet Explorer 8 (KB980182)
Update voor Windows XP (KB2141007)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
VLC media player 1.1.4
W83L518D
Windows Defender
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WMPTagSupportExtender
X10 Hardware(TM)
XRECODE

Woudje100
21 September 2010, 12:19
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
c:\windows\system32\drivers\hitmanpro35.sys

Folder::
c:\documents and settings\Eigenaar\Application Data\IObit
c:\program files\IObit
c:\documents and settings\All Users.WINDOWS\Application Data\Hitman Pro
c:\program files\Hitman Pro 3.5

Driver::
hitmanpro35


Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

Save this to your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

This will cause ComboFix to restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Woudje100
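
The Registry:: block in the script above sets BootExecute through a hex(7) (REG_MULTI_SZ) value. As an added example (not part of the original post and not ComboFix code), the Python below decodes such a value and lists any entries beyond the Windows default `autocheck autochk *`. The second fragment and its `examplenative` entry are constructed for illustration; all function names are hypothetical.

```python
import re

# Windows default content of Session Manager\BootExecute (a single entry).
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]
KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager"

# The Registry:: block from the CFScript above (ANSI bytes, REGEDIT4 style),
# written without the spaces a forum line-wrapper may insert.
CFSCRIPT_FRAGMENT = (
    "[" + KEY + "]\n"
    '"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,'
    "63,68,6b,20,2a,00,00\n"
)

HEX7_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\(7\):(?P<data>.*)$')


def encode_multi_sz(entries):
    """Encode strings as REG_MULTI_SZ bytes in .reg hex notation (ANSI)."""
    raw = b"".join(e.encode("cp1252") + b"\x00" for e in entries) + b"\x00"
    return ",".join(f"{b:02x}" for b in raw)


def decode_multi_sz(raw):
    """Decode REG_MULTI_SZ bytes into a list of strings."""
    # "Version 5.00" exports store UTF-16LE, REGEDIT4 exports store ANSI.
    looks_utf16 = len(raw) >= 2 and len(raw) % 2 == 0 and raw[0] and not raw[1]
    text = raw.decode("utf-16-le" if looks_utf16 else "cp1252", errors="replace")
    entries = []
    for item in text.split("\x00"):
        if not item:
            break  # an empty string terminates the list
        entries.append(item)
    return entries


def parse_hex7_values(reg_text):
    """Map (key, value name), both lower-cased, to raw bytes for hex(7) values."""
    # A trailing backslash continues a long value on the next line.
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)
    values, key = {}, None
    for line in (l.strip() for l in joined.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = HEX7_RE.match(line)
        if m and key:
            # Drop stray whitespace inside the byte list before converting.
            data = re.sub(r"\s+", "", m.group("data"))
            raw = bytes(int(b, 16) for b in data.split(",") if b)
            values[(key, m.group("name").lower())] = raw
    return values


def extra_boot_execute(reg_text):
    """Return BootExecute entries that are not in the Windows default."""
    default = {d.lower() for d in DEFAULT_BOOT_EXECUTE}
    for (key, name), raw in parse_hex7_values(reg_text).items():
        if key.endswith(r"control\session manager") and name == "bootexecute":
            return [e for e in decode_multi_sz(raw) if e.lower() not in default]
    raise ValueError("no BootExecute hex(7) value found")


# Constructed sample: the default plus a hypothetical extra entry.
CONSTRUCTED_FRAGMENT = (
    "[" + KEY + "]\n"
    '"BootExecute"=hex(7):'
    + encode_multi_sz(DEFAULT_BOOT_EXECUTE + ["examplenative"]) + "\n"
)

if __name__ == "__main__":
    for label, fragment in (("CFScript", CFSCRIPT_FRAGMENT),
                            ("constructed", CONSTRUCTED_FRAGMENT)):
        extras = extra_boot_execute(fragment)
        print(f"{label}: {'default only' if not extras else extras}")
```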

zerufaar
22 September 2010, 12:57
Here is the requested ComboFix log, followed by the HijackThis log:


ComboFix 10-09-21.01 - Eigenaar 22/09/2010 11:58:52.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.511.277 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\windows\system32\drivers\hitmanpro35.sys"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.WINDOWS\Application Data\Hitman Pro
c:\documents and settings\All Users.WINDOWS\Application Data\Hitman Pro\Banner.bin
c:\documents and settings\Eigenaar\Application Data\IObit
c:\documents and settings\Eigenaar\Application Data\IObit\IObit SmartDefrag\config.ini
c:\documents and settings\Eigenaar\Application Data\IObit\IObit SmartDefrag\Fav.ico
c:\program files\Hitman Pro 3.5
c:\program files\Hitman Pro 3.5\HitmanPro35.exe
c:\program files\IObit
c:\program files\IObit\IObit SmartDefrag\EULA.rtf
c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
c:\program files\IObit\IObit SmartDefrag\language\???.lng
c:\program files\IObit\IObit SmartDefrag\language\????.lng
c:\program files\IObit\IObit SmartDefrag\language\?????.lng
c:\program files\IObit\IObit SmartDefrag\language\??????.lng
c:\program files\IObit\IObit SmartDefrag\language\???????.lng
c:\program files\IObit\IObit SmartDefrag\language\?????????.lng
c:\program files\IObit\IObit SmartDefrag\language\Arabic.lng
c:\program files\IObit\IObit SmartDefrag\language\Bahasa Indonesia.lng
c:\program files\IObit\IObit SmartDefrag\language\Czech.lng
c:\program files\IObit\IObit SmartDefrag\language\Danish.lng
c:\program files\IObit\IObit SmartDefrag\language\Deutsch.lng
c:\program files\IObit\IObit SmartDefrag\language\Eesti.lng
c:\program files\IObit\IObit SmartDefrag\language\English.lng
c:\program files\IObit\IObit SmartDefrag\language\Español.lng
c:\program files\IObit\IObit SmartDefrag\language\Finnish.lng
c:\program files\IObit\IObit SmartDefrag\language\Français.lng
c:\program files\IObit\IObit SmartDefrag\language\Hrvatski.lng
c:\program files\IObit\IObit SmartDefrag\language\Icelandic.lng
c:\program files\IObit\IObit SmartDefrag\language\Italiano.lng
c:\program files\IObit\IObit SmartDefrag\language\Korean.lng
c:\program files\IObit\IObit SmartDefrag\language\Lietuvi?.lng
c:\program files\IObit\IObit SmartDefrag\language\Magyar.lng
c:\program files\IObit\IObit SmartDefrag\language\Nederlands.lng
c:\program files\IObit\IObit SmartDefrag\language\Norwegian.lng
c:\program files\IObit\IObit SmartDefrag\language\Polish.lng
c:\program files\IObit\IObit SmartDefrag\language\Portuguese(PT-BR).lng
c:\program files\IObit\IObit SmartDefrag\language\Portuguese(PT-PT).lng
c:\program files\IObit\IObit SmartDefrag\language\Portuguese.lng
c:\program files\IObit\IObit SmartDefrag\language\Român.lng
c:\program files\IObit\IObit SmartDefrag\language\Slovak.lng
c:\program files\IObit\IObit SmartDefrag\language\Slovenski.lng
c:\program files\IObit\IObit SmartDefrag\language\Svenska.lng
c:\program files\IObit\IObit SmartDefrag\language\Türkçe.lng
c:\program files\IObit\IObit SmartDefrag\language\Ukrainian.lng
c:\program files\IObit\IObit SmartDefrag\language\Urdu.lng
c:\program files\IObit\IObit SmartDefrag\language\Valencian.lng
c:\program files\IObit\IObit SmartDefrag\language\Vietnamese.lng
c:\program files\IObit\IObit SmartDefrag\NtfsData.dll
c:\program files\IObit\IObit SmartDefrag\SDInit.exe
c:\program files\IObit\IObit SmartDefrag\taskdll.dll
c:\program files\IObit\IObit SmartDefrag\TSCommon.dll
c:\program files\IObit\IObit SmartDefrag\unins000.dat
c:\program files\IObit\IObit SmartDefrag\unins000.exe
c:\program files\IObit\IObit SmartDefrag\unins000.msg
c:\program files\IObit\IObit SmartDefrag\What's new.txt
c:\windows\system32\drivers\hitmanpro35.sys
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-08-22 to 2010-09-22 ))))))))))))))))))))))))))))))
.
2010-09-16 12:39 . 2010-09-22 09:51 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
2010-09-15 12:08 . 2010-09-15 12:08 -------- d-----w- c:\program files\piPOol
2010-09-08 19:01 . 2010-09-08 19:01 -------- d-----w- c:\program files\Nero
2010-09-08 15:05 . 2010-09-08 15:05 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Nero_AG
2010-09-08 15:02 . 2010-09-08 17:51 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Nero
2010-09-08 14:41 . 2010-09-08 14:41 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Nero
2010-09-08 14:25 . 2010-09-08 14:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2010-09-08 12:54 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-09-08 12:54 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-09-08 12:54 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-09-08 12:54 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-09-08 12:54 . 2010-09-08 12:54 -------- d-----w- c:\windows\Logs
2010-09-08 12:53 . 2010-09-08 14:20 -------- d-----w- c:\windows\SxsCaPendDel
2010-09-03 19:15 . 2010-09-16 21:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-09-03 19:15 . 2010-09-08 11:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-03 19:11 . 2010-09-16 21:12 -------- d-----w- c:\program files\SpywareBlaster
2010-09-03 19:09 . 2010-09-03 19:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-02 06:22 . 2009-03-09 13:01 510496 ----a-w- c:\windows\system32\FortiSslvpnDaemon.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 10:15 . 2009-05-01 21:06 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\uTorrent
2010-09-20 12:59 . 2009-04-26 22:44 87848 ----a-w- c:\windows\system32\perfc013.dat
2010-09-20 12:59 . 2009-04-26 22:44 503184 ----a-w- c:\windows\system32\perfh013.dat
2010-09-20 12:42 . 2009-05-04 19:21 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-09-16 20:43 . 2009-09-26 14:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-16 12:24 . 2009-05-01 20:39 -------- d-----w- c:\program files\CCleaner
2010-09-09 09:04 . 2002-12-31 22:10 -------- d-----w- c:\program files\ScanWizard 5
2010-09-08 19:01 . 2004-10-06 01:06 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-01 17:39 . 2009-05-01 20:40 -------- d-----w- c:\program files\uTorrent
2010-08-17 13:17 . 2009-04-26 22:43 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 18:58 . 2010-08-13 22:53 -------- d-----w- c:\program files\PCPitstop
2010-08-15 18:58 . 2010-08-13 22:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PCPitstop
2010-08-15 18:57 . 2010-08-15 18:57 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-15 18:57 . 2010-08-15 18:57 -------- d-----w- c:\program files\Trend Micro
2010-08-15 18:28 . 2010-08-15 08:50 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-15 18:25 . 2009-04-22 22:06 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-15 18:24 . 2010-08-15 18:24 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-08-15 18:24 . 2010-08-15 18:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-08-15 18:24 . 2010-08-15 18:24 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-08-15 16:22 . 2010-08-15 16:22 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-15 08:50 . 2010-08-15 08:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
2010-08-14 12:00 . 2004-10-06 00:26 17408 ----a-w- c:\windows\system32\drivers\usbcrft.sys
2010-08-13 21:44 . 2009-05-02 15:51 -------- d-----w- c:\program files\Bonjour
2010-08-13 18:31 . 2010-08-13 18:31 -------- d-----w- c:\program files\CodeStuff
2010-08-12 22:36 . 2009-10-05 21:07 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Media Player Classic
2010-08-12 22:09 . 2010-08-12 21:47 -------- d-----w- c:\program files\Windows Defender
2010-08-12 21:30 . 2010-08-12 21:30 163561 ----a-w- c:\windows\Audio Converter Pro Uninstaller.exe
2010-08-12 21:30 . 2009-05-01 19:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\River Past G5
2010-08-12 21:30 . 2009-12-28 20:13 -------- d-----w- c:\program files\Common Files\River Past
2010-08-12 21:14 . 2009-09-16 13:46 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Apple Computer
2010-08-12 21:14 . 2004-10-05 23:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-12 21:14 . 2009-05-13 14:30 -------- d-----w- c:\program files\Home Cinema
2010-08-12 19:45 . 2009-06-17 18:39 -------- d-----w- c:\program files\Crawler
2010-08-12 19:42 . 2010-08-05 12:38 -------- d-----w- c:\program files\PcCloneEX
2010-08-05 20:16 . 2004-10-24 11:34 -------- d-----w- c:\program files\Common Files\Java
2010-08-05 20:15 . 2004-10-24 11:34 -------- d-----w- c:\program files\Java
2010-08-05 13:39 . 2009-04-26 21:09 141176 ----a-w- c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-05 12:38 . 2010-08-05 12:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FNET
2010-08-05 12:38 . 2010-08-12 19:42 2972672 ------w- c:\documents and settings\All Users.WINDOWS\Application Data\FNET\PcCloneEX\Uninstall.exe
2010-08-04 16:34 . 2010-08-04 16:33 -------- d-----w- c:\program files\RescuePRO Deluxe
2010-08-04 16:32 . 2010-08-04 16:34 286720 ----a-w- c:\windows\iun507.exe
2010-08-04 13:54 . 2010-08-04 13:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MYPCTuneUp
2010-08-04 12:40 . 2010-08-04 12:40 503808 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4db4e6d7-n\msvcp71.dll
2010-08-04 12:40 . 2010-08-04 12:40 12800 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4d5ced84-n\decora-d3d.dll
2010-08-04 12:40 . 2010-08-04 12:40 499712 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4db4e6d7-n\jmc.dll
2010-08-04 12:40 . 2010-08-04 12:40 61440 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4d5ced84-n\decora-sse.dll
2010-08-04 12:40 . 2010-08-04 12:40 348160 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4db4e6d7-n\msvcr71.dll
2010-07-22 15:46 . 2009-04-26 22:43 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-05-16 19:51 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-07 11:46 . 2009-04-27 20:00 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:33 . 2009-04-26 22:43 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2009-04-26 22:43 916480 ----a-w- c:\windows\system32\wininet.dll
2009-06-08 15:09 . 2009-06-08 15:09 4575552 ----a-w- c:\program files\OutlookConnector.exe
2009-05-03 13:44 . 2009-05-03 13:42 16976752 ----a-w- c:\program files\IE8-WindowsXP-x86-NLD.exe
2009-05-03 13:22 . 2009-05-03 13:22 1091264 ----a-w- c:\program files\oggcodecs_0.81.15562-win32.exe
2009-05-01 20:20 . 2009-05-01 20:20 243204 ----a-w- c:\program files\unlocker1.8.7.exe
2009-05-01 19:25 . 2009-05-01 19:25 1306687 ----a-w- c:\program files\remote_x10_dx.exe
2009-05-01 16:00 . 2009-05-01 16:00 30075904 ----a-w- c:\program files\avira_antivir_personal_en.exe
2009-04-30 21:25 . 2009-04-30 21:25 2585872 ----a-w- c:\program files\WindowsInstaller-KB893803-v2-x86.exe
2009-03-07 11:39 . 2009-05-04 19:18 97 ----a-w- c:\program files\Spyware Doctor License Code.txt
2009-03-04 04:44 . 2009-05-04 19:18 18190616 ----a-w- c:\program files\sdasetup.exe
2002-06-04 07:59 . 2002-06-04 07:59 204800 ----a-w- c:\program files\Restoration.exe
2002-06-04 07:53 . 2002-06-04 07:53 8127 ----a-w- c:\program files\README.txt
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\
æTorrent.lnk - c:\program files\uTorrent\utorrent.exe [2009-5-1 328568]
c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2009-9-19 339968]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [30/12/2009 18:34 902432]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [30/12/2009 18:34 2326920]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/05/2009 18:02 108289]
R2 FortiSslvpnDaemon;FortiSslvpnDaemon;c:\windows\system32\FortiSslvpnDaemon.exe [2/09/2010 8:22 510496]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [30/12/2009 18:34 159168]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [6/10/2004 1:38 1287296]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [23/10/2004 14:49 24704]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [9/03/2009 15:01 36384]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [6/10/2004 2:27 19928]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS --> c:\windows\system32\drivers\FNETURPX.SYS [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]
S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\usbcrft.sys [6/10/2004 2:26 17408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
2010-08-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2010-09-16 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2010-09-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{DA800A99-758F-4427-B51E-B27D91B0DBE9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{ED978EBE-5B95-496F-96BC-BDB0F0990D01}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2.be/mailconfig/config/bin/AccountHelper.cab
DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} - hxxps://utexbel.teleworking.belgacom.be/sslvpn.cab
.
- - - - ORPHANS VERWIJDERD - - - -
AddRemove-Smart Defrag_is1 - c:\program files\IObit\IObit SmartDefrag\unins000.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 12:11
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2010-09-22 12:19:36 - machine werd herstart
ComboFix-quarantined-files.txt 2010-09-22 10:19
ComboFix2.txt 2010-09-20 13:22
ComboFix3.txt 2010-08-28 09:14
Pre-Run: 12.365.893.632 bytes beschikbaar
Post-Run: 12.387.979.264 bytes beschikbaar
- - End Of File - - A611C1FA421893C0936CD678908932B9



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:11, on 22/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FortiSslvpnDaemon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\utorrent.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240780459375
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2.be/mailconfig/config/bin/AccountHelper.cab
O16 - DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} (fortisslvpn Class) - https://utexbel.teleworking.belgacom.be/sslvpn.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 {nl_NL} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 9698 bytes

Woudje100
22 September 2010, 15:01
Hello,

Start HijackThis. Click "Do a system scan only". Select the following, if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341


Click "Fix checked" and close HijackThis.

Note!!! Windows Vista & 7 users must run HijackThis as administrator (right-click, "Run as"); if this does not work via the shortcut, run HijackThis as administrator from the following directory (C:\Program Files\Trend Micro\HiJackThis).

Are you still experiencing problems?

Woudje100

zerufaar
23 September 2010, 14:32
The problem has improved a lot, but is not yet 100% solved.
The transition from one selection to the next still stutters now and then.

In any case, many thanks for the help received so far.

Woudje100
23 September 2010, 16:40
Hello,

Please open Internet Explorer.
Now go to this site: http://www.bitdefender.com/scanner/online/free.html

At the bottom of the page, click "Analyseren" (Analyze)
Click the green "Start scanner" button
A small window now appears; tick "I agree with the Terms and Conditions" and click "Start here"
You will now get a notification that Bitdefender wants to install an add-on. Click on it and choose "Deze invoegtoepassing installeren voor alle gebruikers van deze computer..." (Install this add-on for all users of this computer...)
Another new window appears; click "Installeren" (Install) there.
Now click "Start scan". Bitdefender will now update and start scanning.
Close the window when the scan is done.
After that a new screen appears with the option to send the log to Bitdefender; you may do so if you wish, but it is not necessary.
Open Explorer (right-click Start), go to "C:\WINDOWS\BDOSCAN8" and post the contents of the file named "bdoscan.log", together with a new HijackThis log, in your next post.



Woudje100

zerufaar
23 September 2010, 21:00
I can't get onto the Bitdefender site. I have already tried several times, without success.
I will try again tomorrow.

Woudje100
24 September 2010, 11:40
Otherwise, try Eset:

Go to the ESET Online Scanner site (http://www.eset.com/onlinescan/)

Click the ESET Online Scanner button
Tick YES, I accept the Terms of Use
Click Start
Allow the ActiveX control to install.
Click "Advanced settings"
Tick the following options:

Remove found threats
Scan archives
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

Click Start
The computer will now be scanned. This can take quite a long time, so be patient.
You may close the window when the scan is finished.
Use Notepad to open the log. You will find this log at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste the contents of this log into your next post.


Woudje100

zerufaar
24 September 2010, 19:19
Here is the requested log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c4b0ca77c0d92047853a1775b60cd9d6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-24 04:36:54
# local_time=2010-09-24 06:36:54 (+0100, West-Europa (zomertijd))
# country="Belgium"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 3439110 3439110 0 0
# compatibility_mode=1797 16775141 100 100 105314 60234335 64989 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 364 364 0 0
# scanned=158788
# found=6
# cleaned=6
# scan_time=8446
C:\Documents and Settings\Eigenaar\Mijn documenten\Programmas\unlocker1.8.8.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Eigenaar\Mijn documenten\Programmas\Boekhouding\Ciel Solution 2007\Ciel Solution 2007.iso probably a variant of Win32/PSW.OnLineGames.FZAKSYT trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\unlocker1.8.7.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{033C36B7-89DD-4332-9568-4359C3EC0DB9}\RP39\A0012639.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{033C36B7-89DD-4332-9568-4359C3EC0DB9}\RP39\A0012640.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

Woudje100
25 September 2010, 19:06
Hello,

May I have a new HijackThis log?

Is your PC working properly again?

Woudje100

zerufaar
27 September 2010, 20:37
Hello Woutje,

My problem has improved, but is still not 100% in order.
Couldn't the amount of RAM be a cause of this: my PC has 512 Mb RAM. Maybe this is a bit too little?

Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:19, on 27/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FortiSslvpnDaemon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\utorrent.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240780459375
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2.be/mailconfig/config/bin/AccountHelper.cab
O16 - DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} (fortisslvpn Class) - https://utexbel.teleworking.belgacom.be/sslvpn.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 {nl_NL} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 9527 bytes

Woudje100
28 September 2010, 17:16
Hello,

Your HijackThis log looks good.
512 MB is not enough these days to work well with Windows XP. If you add a new memory module, the PC should run faster.

Woudje100
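
Added example, not part of the original thread: a small Python script that compares two HijackThis logs entry by entry, to confirm that a "Fix checked" step removed the selected lines and to see what else changed between scans. The two excerpts are shortened copies of the 22/09 and 27/09 logs posted above; the function names are this example's own.

```python
import re

# A HijackThis entry line starts with a section code (R0, R1, O2, O16, O23, F2, N1 ...)
# followed by " - ". Header lines and the running-process list do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Shortened excerpt of the log saved on 22/09/2010 (before the fix).
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:11, on 22/09/2010
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2.be/mailconfig/config/bin/AccountHelper.cab
"""

# Shortened excerpt of the log saved on 27/09/2010 (after the fix and the ESET scan).
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:19, on 27/09/2010
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2.be/mailconfig/config/bin/AccountHelper.cab
"""


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group("section"), match.group("body").strip()))
    return entries


def diff_logs(before_text, after_text):
    """Entries that disappeared from, or newly appeared in, the later log."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {"removed": sorted(before - after), "added": sorted(after - before)}


def still_present(log_text, needle):
    """Entries whose body still contains `needle` (case-insensitive)."""
    needle = needle.lower()
    return sorted(e for e in parse_entries(log_text) if needle in e[1].lower())


if __name__ == "__main__":
    result = diff_logs(BEFORE_LOG, AFTER_LOG)
    for section, body in result["removed"]:
        print("removed:", section, "-", body)
    for section, body in result["added"]:
        print("added:  ", section, "-", body)
    leftovers = still_present(AFTER_LOG, "crawler.com")
    print("crawler.com entries left:", len(leftovers))
```

Run it on the saved log files rather than on text copied from a forum page, since forum software can insert spaces into long registry paths and produce false differences.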

zerufaar
29 September 2010, 20:30
OK.
Thanks for your help and advice.

Zerufaar