
Slow PC: HJT log attached


SFDiana

Our PC keeps getting slower and slower. I have already thrown a lot of junk off it, and as standard I run CCleaner/Glary Utilities etc. once a week alongside the normal maintenance, but I can't figure out what the problem is.
The PC is used by the whole family.
I hope you can and will help again! In any case, I appreciate it very much!

Regards, Diana

Below is an HJT log and, below that, the uninstall log.

[hjt]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:56:10, on 13-10-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\zonelabs\vsmon.exe
c:\program files\avast software\avast\avastsvc.exe
c:\windows\system32\spoolsv.exe
c:\program files\ivt corporation\bluesoleil\btntservice.exe
c:\windows\system32\svchost.exe
c:\program files\java\jre6\bin\jqs.exe
c:\windows\explorer.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\windows\system32\hpzipm12.exe
c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
c:\program files\secunia\psi\sua.exe
c:\program files\via\raid\raid_tool.exe
c:\windows\system32\svchost.exe
c:\windows\system32\rundll32.exe
c:\program files\adobe\reader 9.0\reader\reader_sl.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\avast software\avast\avastui.exe
c:\program files\zone labs\zonealarm\zlclient.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\wuauclt.exe
c:\program files\lacie\backup software\laciebackup.exe
c:\program files\messenger\msmsgs.exe
c:\program files\windows media player\wmpnscfg.exe
c:\documents and settings\diana\local settings\application data\google\chrome\application\chrome.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\documents and settings\diana\local settings\application data\google\chrome\application\chrome.exe
c:\windows\system32\wuauclt.exe
c:\documents and settings\diana\local settings\application data\google\chrome\application\chrome.exe
c:\documents and settings\diana\local settings\application data\google\chrome\application\chrome.exe
c:\windows\system32\msiexec.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.startpagina.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hkcu\software\microsoft\internet explorer\main,local page =
r0 - hklm\software\microsoft\internet explorer\main,local page =
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: avast! webrep - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: avast! webrep - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o4 - hklm\..\run: [raidtool] c:\program files\via\raid\raid_tool.exe
o4 - hklm\..\run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [adobe arm] c:\program files\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\common files\java\java update\jusched.exe
o4 - hklm\..\run: [avast] c:\program files\avast software\avast\avastui.exe /nogui
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [zonealarm client] c:\program files\zone labs\zonealarm\zlclient.exe
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [lacie backup] c:\program files\lacie\backup software\\laciebackup.exe /background
o4 - hkcu\..\run: [msmsgs] c:\program files\messenger\msmsgs.exe /background
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - hkcu\..\run: [google update] c:\documents and settings\diana\local settings\application data\google\update\googleupdate.exe /c
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o14 - iereset.inf: start_page_url=[noparse]http://www.qmotion.nl[/noparse]
o16 - dpf: {0dbf2423-33d3-4084-b83e-6a3661f2cd46} (album upload software control) - [noparse]http://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/imageuploader6.cab[/noparse]
o16 - dpf: {28b66320-9687-4b13-8757-36f901887ab5} (canvasx class) - [noparse]http://fotoalbum.fotoquelle.nl/ips-opdata/layout/aspadmin/objects/canvasx.cab[/noparse]
o16 - dpf: {34dc6011-88b5-4ea9-ba7a-dc7b4f4437fe} (jordanuploader class) - [noparse]http://fotoalbum.fotoquelle.nl/ips-opdata/objects/jordan.cab[/noparse]
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - [noparse]http://gfx1.hotmail.com/mail/w3/resources/msnpupld.cab[/noparse]
o16 - dpf: {63d6dd13-c913-466d-9444-9357561e4d94} (upload-applicatie control) - [noparse]http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab[/noparse]
o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - [noparse]http://www.update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/wuweb_site.cab?1263894025140[/noparse]
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - [noparse]http://www.update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1263893997031[/noparse]
o16 - dpf: {6e5e167b-1566-4316-b27f-0ddab3484cf7} (image uploader control) - [noparse]http://www.mijnalbum.nl/skin/v2/system/upload/imageuploader4.cab[/noparse]
o16 - dpf: {6e718d87-6909-4fce-92d4-edcb2f725727} (navigram control) - [noparse]http://www.navigram.com/engine/v911/navigram.cab[/noparse]
o16 - dpf: {8100d56a-5661-482c-bee8-afece305d968} (facebook photo uploader 5 control) - [noparse]http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/facebookphotouploader55.cab[/noparse]
o16 - dpf: {a18962f6-e6ed-40b1-97c9-1fb36f38bfa8} (aurigma image uploader 3.5 control) - [noparse]http://www.mijnalbum.nl/skin/system/upload/imageuploader3.cab[/noparse]
o16 - dpf: {a8f2b9bd-a6a0-486a-9744-18920d898429} (scorchplugin class) - [noparse]http://www.sibelius.com/download/software/win/activexplugin.cab[/noparse]
o16 - dpf: {a9f8d9ec-3d0a-4a60-bd82-fbd64bad370d} - [noparse]http://h20264.www2.hp.com/ediags/dd/install/hpdriverdiagnosticsxp2k.cab[/noparse]
o16 - dpf: {b7915d9f-6057-4153-be1b-8e234bd66980} (album upload software control control) - [noparse]http://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/imageuploader7.cab[/noparse]
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} (get_atlcom class) - [noparse]http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab[/noparse]
o16 - dpf: {e77f23eb-e7ab-4502-8f37-247dbaf1a147} (windows live hotmail photo upload tool) - [noparse]http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/msnpupld.cab[/noparse]
o16 - dpf: {edfcb7cb-942c-4822-af14-f0b687409848} (image uploader control) - [noparse]http://cache.hyves-static.net/statics/aurigma/imageuploader4.cab[/noparse]
o22 - sharedtaskscheduler: preloader van browseui - {438755c2-a8ba-11d1-b96b-00a0c90312e1} - c:\windows\system32\browseui.dll
o22 - sharedtaskscheduler: cache-daemon voor onderdeelcategorien - {8c7461ef-2b13-11d2-be35-3078302c2030} - c:\windows\system32\browseui.dll
o23 - service: avast! antivirus - avast software - c:\program files\avast software\avast\avastsvc.exe
o23 - service: bluesoleil hid service - unknown owner - c:\program files\ivt corporation\bluesoleil\btntservice.exe
o23 - service: google updateservice (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google update-service (gupdatem) (gupdatem) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lavasoft ad-aware service - lavasoft limited - c:\program files\lavasoft\ad-aware\aawservice.exe
o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - unknown owner - c:\program files\common files\lightscribe\lssrvc.exe
o23 - service: pml driver hpz12 - hp - c:\windows\system32\hpzipm12.exe
o23 - service: secunia psi agent - secunia - c:\program files\secunia\psi\psia.exe
o23 - service: secunia update agent - secunia - c:\program files\secunia\psi\sua.exe
o23 - service: truevector internet monitor (vsmon) - check point software technologies ltd - c:\windows\system32\zonelabs\vsmon.exe
--
end of file - 11698 bytes

[/hjt]



7-Zip 4.57
Ad-Aware
Ad-Aware
Adobe Digital Editions
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6 - Nederlands
Adobe Shockwave Player 11.6
Adobe Shockwave Player 11.6
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Textures
Alien Skin Xenofex 2.0
AmbraSoft Familiepakket 0910
Apple Application Support
avast! Free Antivirus
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2482017)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2497640)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2530548)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2544521)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2559049)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
Beveiligingsupdate voor Windows Media Player (KB2378111)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB968816)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player (KB975558)
Beveiligingsupdate voor Windows Media Player (KB978695)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows XP (KB2079403)
Beveiligingsupdate voor Windows XP (KB2115168)
Beveiligingsupdate voor Windows XP (KB2121546)
Beveiligingsupdate voor Windows XP (KB2229593)
Beveiligingsupdate voor Windows XP (KB2259922)
Beveiligingsupdate voor Windows XP (KB2279986)
Beveiligingsupdate voor Windows XP (KB2286198)
Beveiligingsupdate voor Windows XP (KB2296011)
Beveiligingsupdate voor Windows XP (KB2347290)
Beveiligingsupdate voor Windows XP (KB2360937)
Beveiligingsupdate voor Windows XP (KB2387149)
Beveiligingsupdate voor Windows XP (KB2393802)
Beveiligingsupdate voor Windows XP (KB2412687)
Beveiligingsupdate voor Windows XP (KB2419632)
Beveiligingsupdate voor Windows XP (KB2423089)
Beveiligingsupdate voor Windows XP (KB2440591)
Beveiligingsupdate voor Windows XP (KB2443105)
Beveiligingsupdate voor Windows XP (KB2476490)
Beveiligingsupdate voor Windows XP (KB2476687)
Beveiligingsupdate voor Windows XP (KB2478960)
Beveiligingsupdate voor Windows XP (KB2478971)
Beveiligingsupdate voor Windows XP (KB2479628)
Beveiligingsupdate voor Windows XP (KB2479943)
Beveiligingsupdate voor Windows XP (KB2481109)
Beveiligingsupdate voor Windows XP (KB2483185)
Beveiligingsupdate voor Windows XP (KB2485376)
Beveiligingsupdate voor Windows XP (KB2485663)
Beveiligingsupdate voor Windows XP (KB2503658)
Beveiligingsupdate voor Windows XP (KB2503665)
Beveiligingsupdate voor Windows XP (KB2506212)
Beveiligingsupdate voor Windows XP (KB2506223)
Beveiligingsupdate voor Windows XP (KB2507618)
Beveiligingsupdate voor Windows XP (KB2507938)
Beveiligingsupdate voor Windows XP (KB2508272)
Beveiligingsupdate voor Windows XP (KB2508429)
Beveiligingsupdate voor Windows XP (KB2509553)
Beveiligingsupdate voor Windows XP (KB2511455)
Beveiligingsupdate voor Windows XP (KB2524375)
Beveiligingsupdate voor Windows XP (KB2535512)
Beveiligingsupdate voor Windows XP (KB2536276)
Beveiligingsupdate voor Windows XP (KB2536276-v2)
Beveiligingsupdate voor Windows XP (KB2544893)
Beveiligingsupdate voor Windows XP (KB2555917)
Beveiligingsupdate voor Windows XP (KB2562937)
Beveiligingsupdate voor Windows XP (KB2566454)
Beveiligingsupdate voor Windows XP (KB2567680)
Beveiligingsupdate voor Windows XP (KB2570222)
Beveiligingsupdate voor Windows XP (KB2570947)
Beveiligingsupdate voor Windows XP (KB913433)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956744)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958869)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961371-v2)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971468)
Beveiligingsupdate voor Windows XP (KB971486)
Beveiligingsupdate voor Windows XP (KB971557)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973346)
Beveiligingsupdate voor Windows XP (KB973354)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973525)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
Beveiligingsupdate voor Windows XP (KB975560)
Beveiligingsupdate voor Windows XP (KB975561)
Beveiligingsupdate voor Windows XP (KB975562)
Beveiligingsupdate voor Windows XP (KB975713)
Beveiligingsupdate voor Windows XP (KB977165)
Beveiligingsupdate voor Windows XP (KB977816)
Beveiligingsupdate voor Windows XP (KB977914)
Beveiligingsupdate voor Windows XP (KB978037)
Beveiligingsupdate voor Windows XP (KB978251)
Beveiligingsupdate voor Windows XP (KB978262)
Beveiligingsupdate voor Windows XP (KB978338)
Beveiligingsupdate voor Windows XP (KB978542)
Beveiligingsupdate voor Windows XP (KB978601)
Beveiligingsupdate voor Windows XP (KB978706)
Beveiligingsupdate voor Windows XP (KB979309)
Beveiligingsupdate voor Windows XP (KB979482)
Beveiligingsupdate voor Windows XP (KB979559)
Beveiligingsupdate voor Windows XP (KB979683)
Beveiligingsupdate voor Windows XP (KB979687)
Beveiligingsupdate voor Windows XP (KB980195)
Beveiligingsupdate voor Windows XP (KB980218)
Beveiligingsupdate voor Windows XP (KB980232)
Beveiligingsupdate voor Windows XP (KB980436)
Beveiligingsupdate voor Windows XP (KB981322)
Beveiligingsupdate voor Windows XP (KB981852)
Beveiligingsupdate voor Windows XP (KB981957)
Beveiligingsupdate voor Windows XP (KB981997)
Beveiligingsupdate voor Windows XP (KB982132)
Beveiligingsupdate voor Windows XP (KB982214)
Beveiligingsupdate voor Windows XP (KB982665)
BlueSoleil
Canon MP Navigator 2.0
Canon MP150
CCleaner
Color Efex Pro 3.0 Complete
CoreAAC
Corel Paint Shop Pro X
DeviceIO
DVD Shrink 3.2
Essentile update voor Windows Media Player 11 (KB959772)
Eusing Free Registry Cleaner
Eye Candy 4000
Filters Unlimited 1.0
Filters Unlimited 2.0
Free YouTube Download version 2.10.30
Glary Utilities 2.36.0.1232
GMail Drive Shell Extension
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB2158563)
Hotfix voor Windows XP (KB2443685)
Hotfix voor Windows XP (KB2570791)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB961118)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Hotfix voor Windows XP (KB979306)
Hotfix voor Windows XP (KB981793)
ImgBurn
IrfanView (remove only)
Jasc Animation Shop 3
Java(TM) 6 Update 26
Junk Mail filter update
LaCie Backup Software v1.5.2378
LandGrabbers
Malwarebytes' Anti-Malware versie 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Language Pack - NLD
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Editie 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Suite
Outlook Express Backup V6.5
PC Inspector smart recovery
procreate(TM) Painter Classic(TM)
PureHD
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Roll
Secunia PSI (2.0.0.3003)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Segoe UI
Setup
Spybot - Search & Destroy
Sqirlz Water Reflections
swMSM
The Sims Deluxe
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update voor Windows Internet Explorer 8 (KB969497)
Update voor Windows Internet Explorer 8 (KB976662)
Update voor Windows Internet Explorer 8 (KB980182)
Update voor Windows XP (KB2141007)
Update voor Windows XP (KB2345886)
Update voor Windows XP (KB2541763)
Update voor Windows XP (KB2616676)
Update voor Windows XP (KB2616676-v2)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB961503)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971029)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
VIA/S3G Display Driver
VIO
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual C++ 9.0 OpenMP (x86) WinSXS MSM
Visual C++ 9.0 OpenMP (x86) WinSXS MSM
WinAVI Video Converter
WinAVI Video Converter
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
ZoneAlarm
 
Hi Diana, welcome to this fine forum.

Does the slowness perhaps show itself as slow startup etc.?

Advice: also get Lavasoft AdAware completely out of Windows.


During the fix I would like you to keep to the rules below:
  • Read all instructions carefully.
  • If you make mistakes when running tools during the fix, that can cause serious problems in Windows.
  • Refrain from using tools or updates other than those I advise you to use.
  • Always use one scanner at a time; never use several simultaneously.
  • Keep me informed of how your computer responds to the fix, good or bad.
  • The fix, once started, must be completed. Even if you think everything is in order, there may still be infections.

Step 1
Close all open browser windows except this one, which you close just before you click the Fix checked button!

Now start HijackThis and click the Do a Scan only button,

o14 - iereset.inf: start_page_url=http://www.qmotion.nl

  • tick the line(s) that correspond to the lines above
  • Now close the web browser and then click the Fix checked button
  • After that, close HijackThis.

Step 2
Which program: Microsoft Safety Scanner
What for/why: specialised scanner from Microsoft to quickly examine Windows for spyware and malware and remove it.
Difficulty: none.
Note: Microsoft Safety Scanner expires 10 days after it is downloaded.
If you want to run a scan again with the latest anti-malware definitions,
download Microsoft Safety Scanner again and run it again.
Download the Microsoft Safety Scanner here.

Windows 2000 and Windows XP: start Microsoft's Safety Scanner by double-clicking the shortcut.
Windows Vista and Windows 7: start Microsoft's Safety Scanner by right-clicking the shortcut and then choosing Run as administrator.
Then tick "I accept the terms of the above license agreement".

Scanning:
  • When 'Microsoft's Safety Scanner' starts, click the "Next" button, then choose 'Quick scan'.
  • Scanning takes a while, so be patient.

Step 3
Which program: Malwarebytes MBAM
What for/why: specialised scanner to quickly examine Windows for spyware and malware and remove it.
Difficulty: none.

Download Malwarebytes MBAM from one of these locations:
First of all:
  • Right after installation 'MBAM' will want to update its database, so allow that.
  • Also on repeated use: first update 'MBAM' via the 'Update' tab!
Starting Malwarebytes MBAM:
Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.
  • Note:
    • Malwarebytes now provides the full version of MBAM.
    • At the first start you get the option of using the full version or the free version.
    • Regardless of which antivirus program is in your Windows, I then advise using the "Decline" option.
    • That way MBAM will continue to be usable as the free version.


  • Also do the following:
    • Once the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during malware removal".

Scanning:
  • When 'MBAM' starts, choose 'Quick scan'.
  • Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
  • Then click the 'Show Results' button to see the results.
Infections found:
  • First click OK to dismiss the message
  • Then click the Show Results button at the bottom right.
  • Now make sure all infections found are ticked, and click Remove Selected at the bottom left.
  • After removal a log will open and you will be asked to restart the computer.
  • If 'MBAM' has difficulty removing certain files it will show a few messages; click 'OK' each time!
  • After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
MBAM log:
  • The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.
Then post the contents of the MBAM log in your next message.


Step 4
In summary: after this, post in your next message the contents of the following logs:
  • a new HijackThis log via the colour coder
  • MBAM scan log
 
Thank you for your answer and help. Indeed, the PC takes longer and longer to start up, while I don't see that much listed under the startup items. Shutting down also takes a long time. When we play an online game it goes fine for 5 minutes and after that everything freezes or responds extremely slowly. No fun this way. :-( Hopefully you still have some advice, otherwise it will be formatting.

The scans did not report any malware etc.
Below are my HJT log and the MBAM scan log.

[hjt]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:36:16, on 14-10-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\zonelabs\vsmon.exe
c:\program files\avast software\avast\avastsvc.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
c:\program files\via\raid\raid_tool.exe
c:\windows\system32\rundll32.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\ivt corporation\bluesoleil\btntservice.exe
c:\program files\avast software\avast\avastui.exe
c:\program files\zone labs\zonealarm\zlclient.exe
c:\windows\system32\ctfmon.exe
c:\program files\lacie\backup software\laciebackup.exe
c:\program files\messenger\msmsgs.exe
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\svchost.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\windows\system32\hpzipm12.exe
c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
c:\program files\secunia\psi\sua.exe
c:\windows\system32\svchost.exe
c:\windows\system32\wuauclt.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.startpagina.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hkcu\software\microsoft\internet explorer\main,local page =
r0 - hklm\software\microsoft\internet explorer\main,local page =
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: avast! webrep - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: avast! webrep - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o4 - hklm\..\run: [raidtool] c:\program files\via\raid\raid_tool.exe
o4 - hklm\..\run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [adobe arm] c:\program files\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\common files\java\java update\jusched.exe
o4 - hklm\..\run: [avast] c:\program files\avast software\avast\avastui.exe /nogui
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [zonealarm client] c:\program files\zone labs\zonealarm\zlclient.exe
o4 - hklm\..\runonce: [malwarebytes' anti-malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [lacie backup] c:\program files\lacie\backup software\\laciebackup.exe /background
o4 - hkcu\..\run: [msmsgs] c:\program files\messenger\msmsgs.exe /background
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - hkcu\..\run: [google update] c:\documents and settings\diana\local settings\application data\google\update\googleupdate.exe /c
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {0dbf2423-33d3-4084-b83e-6a3661f2cd46} (album upload software control) - [noparse]http://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/imageuploader6.cab[/noparse]
o16 - dpf: {28b66320-9687-4b13-8757-36f901887ab5} (canvasx class) - [noparse]http://fotoalbum.fotoquelle.nl/ips-opdata/layout/aspadmin/objects/canvasx.cab[/noparse]
o16 - dpf: {34dc6011-88b5-4ea9-ba7a-dc7b4f4437fe} (jordanuploader class) - [noparse]http://fotoalbum.fotoquelle.nl/ips-opdata/objects/jordan.cab[/noparse]
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - [noparse]http://gfx1.hotmail.com/mail/w3/resources/msnpupld.cab[/noparse]
o16 - dpf: {63d6dd13-c913-466d-9444-9357561e4d94} (upload-applicatie control) - [noparse]http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab[/noparse]
o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - [noparse]http://www.update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/wuweb_site.cab?1263894025140[/noparse]
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - [noparse]http://www.update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1263893997031[/noparse]
o16 - dpf: {6e5e167b-1566-4316-b27f-0ddab3484cf7} (image uploader control) - [noparse]http://www.mijnalbum.nl/skin/v2/system/upload/imageuploader4.cab[/noparse]
o16 - dpf: {6e718d87-6909-4fce-92d4-edcb2f725727} (navigram control) - [noparse]http://www.navigram.com/engine/v911/navigram.cab[/noparse]
o16 - dpf: {8100d56a-5661-482c-bee8-afece305d968} (facebook photo uploader 5 control) - [noparse]http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/facebookphotouploader55.cab[/noparse]
o16 - dpf: {a18962f6-e6ed-40b1-97c9-1fb36f38bfa8} (aurigma image uploader 3.5 control) - [noparse]http://www.mijnalbum.nl/skin/system/upload/imageuploader3.cab[/noparse]
o16 - dpf: {a8f2b9bd-a6a0-486a-9744-18920d898429} (scorchplugin class) - [noparse]http://www.sibelius.com/download/software/win/activexplugin.cab[/noparse]
o16 - dpf: {a9f8d9ec-3d0a-4a60-bd82-fbd64bad370d} - [noparse]http://h20264.www2.hp.com/ediags/dd/install/hpdriverdiagnosticsxp2k.cab[/noparse]
o16 - dpf: {b7915d9f-6057-4153-be1b-8e234bd66980} (album upload software control control) - [noparse]http://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/imageuploader7.cab[/noparse]
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} (get_atlcom class) - [noparse]http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab[/noparse]
o16 - dpf: {e77f23eb-e7ab-4502-8f37-247dbaf1a147} (windows live hotmail photo upload tool) - [noparse]http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/msnpupld.cab[/noparse]
o16 - dpf: {edfcb7cb-942c-4822-af14-f0b687409848} (image uploader control) - [noparse]http://cache.hyves-static.net/statics/aurigma/imageuploader4.cab[/noparse]
o22 - sharedtaskscheduler: preloader van browseui - {438755c2-a8ba-11d1-b96b-00a0c90312e1} - c:\windows\system32\browseui.dll
o22 - sharedtaskscheduler: cache-daemon voor onderdeelcategorien - {8c7461ef-2b13-11d2-be35-3078302c2030} - c:\windows\system32\browseui.dll
o23 - service: avast! antivirus - avast software - c:\program files\avast software\avast\avastsvc.exe
o23 - service: bluesoleil hid service - unknown owner - c:\program files\ivt corporation\bluesoleil\btntservice.exe
o23 - service: google updateservice (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google update-service (gupdatem) (gupdatem) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lavasoft ad-aware service - lavasoft limited - c:\program files\lavasoft\ad-aware\aawservice.exe
o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - unknown owner - c:\program files\common files\lightscribe\lssrvc.exe
o23 - service: pml driver hpz12 - hp - c:\windows\system32\hpzipm12.exe
o23 - service: secunia psi agent - secunia - c:\program files\secunia\psi\psia.exe
o23 - service: secunia update agent - secunia - c:\program files\secunia\psi\sua.exe
o23 - service: truevector internet monitor (vsmon) - check point software technologies ltd - c:\windows\system32\zonelabs\vsmon.exe
--
end of file - 11197 bytes

[/hjt]


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Databaseversie: 7946

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14-10-2011 17:23:50
mbam-log-2011-10-14 (17-23-50).txt

Scantype: Snelle scan
Objecten gescand: 210962
Verstreken tijd: 13 minuut/minuten, 39 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
 
You may do the following:

Which program: ComboFix
What for/why: Highly specialised scanner to examine Windows in depth and clean it up.
Difficulty: More or less tricky preparation phase, so read everything carefully first.
Download location: Be sure to download this program to the desktop!
Download ComboFix from one of these locations:
Here you can see how to use ComboFix.

Antivirus programs and active malware scanners must already be disabled before you start ComboFix!
Here and here
you will find information on how to disable antivirus programs and spyware scanners.

Notes:
  • When using Windows XP, you may be asked to install the "Recovery Console"!
    Allow this (an active internet connection is required for it).
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
  • Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing "Run as administrator".
ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file via DDRMMR's colour coder in your next message.
  • If the log does not open, it can be found at C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 
Here is the ComboFix log:

[hjt]
combofix 11-10-14.02 - diana 14-10-2011 18:29:33.2.1 - x86
microsoft windows xp home edition 5.1.2600.3.1252.31.1043.18.958.572 [gmt 2:00]
gestart vanuit: c:\documents and settings\diana\bureaublad\combofix.exe
av: avast! antivirus *disabled/updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
av: lavasoft ad-watch live! antivirus *disabled/updated* {a1c4f2e0-7fde-4917-afae-013efc3ede33}
fw: zonealarm firewall *disabled* {829bda32-94b3-44f4-8446-f8fcff809f8b}
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\diana\application data\log.txt
c:\documents and settings\diana\menu start\internet explorer.lnk
c:\documents and settings\diana\windows
c:\windows\fonts\franais.exe
c:\windows\isun0413.exe
c:\windows\iun6002.exe
c:\windows\system32\thumbs.db
c:\windows\xsxs
f:\resycled
.
.
((((((((((((((((((((((((((((((((((((((( drivers/services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\legacy_boonty_games
-------\service_boonty games
.
.
(((((((((((((((((((( bestanden gemaakt van 2011-09-14 to 2011-10-14 ))))))))))))))))))))))))))))))
.
.
2011-10-13 21:55 . 2011-10-13 21:55 388096 ----a-r- c:\documents and settings\diana\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\hijackthis.exe
2011-10-13 19:35 . 2011-10-14 15:53 -------- d--h--r- c:\documents and settings\diana\onlangs geopend
2011-10-09 22:16 . 2008-07-10 09:00 3851784 ----a-w- c:\windows\system32\d3dx9_39.dll
2011-10-09 22:13 . 2011-10-13 19:36 -------- d-----w- c:\windows\logs
2011-10-08 14:51 . 2011-10-08 14:51 -------- d-----w- c:\documents and settings\diana\application data\wendigostudios
2011-09-30 17:59 . 2011-10-07 15:31 -------- d-----w- c:\documents and settings\siep\local settings\application data\fileserve manager
2011-09-28 20:57 . 2011-09-28 20:57 -------- d-----w- c:\documents and settings\diana\application data\nevosoft
2011-09-28 20:50 . 2011-09-28 20:50 -------- dc----w- c:\zylom games
2011-09-26 12:32 . 2011-09-27 14:56 -------- d-----w- c:\documents and settings\diana\application data\friday's games
2011-09-19 12:02 . 2011-09-19 12:14 -------- d-----w- c:\documents and settings\all users\application data\dvd shrink
2011-09-16 10:17 . 2011-09-16 10:17 -------- d-sh--w- c:\documents and settings\default user\ietldcache
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-25 15:04 . 2011-05-16 20:33 404640 ----a-w- c:\windows\system32\flashplayercplapp.cpl
2011-09-09 09:12 . 2006-06-08 10:47 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-08-15 12:11 41184 ----a-w- c:\windows\avastss.scr
2011-09-06 20:45 . 2011-08-15 12:11 199304 ----a-w- c:\windows\system32\aswboot.exe
2011-09-06 20:38 . 2011-08-15 12:12 442200 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2011-09-06 20:37 . 2011-08-15 12:12 320856 ----a-w- c:\windows\system32\drivers\aswsp.sys
2011-09-06 20:36 . 2011-08-15 12:12 34392 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2011-09-06 20:36 . 2011-08-15 12:12 52568 ----a-w- c:\windows\system32\drivers\aswtdi.sys
2011-09-06 20:36 . 2011-08-15 12:12 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-08-15 12:12 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-08-15 12:12 20568 ----a-w- c:\windows\system32\drivers\aswfsblk.sys
2011-09-06 20:33 . 2011-08-15 12:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:09 . 2006-06-08 10:47 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 15:00 . 2011-04-06 08:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:41 . 2006-06-08 10:47 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-06-08 10:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-06-08 10:47 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:58 . 2006-06-08 10:47 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-06-08 10:47 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2006-11-15 15:02 . 2006-11-15 15:02 774144 -c--a-w- c:\program files\rnginterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083b0-c522-11cf-8763-00608cc02f24}"
[hkey_classes_root\clsid\{472083b0-c522-11cf-8763-00608cc02f24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\avast software\avast\ashshell.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext1]
@="{fb314ed9-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ed9-a251-47b7-93e1-cdd82e34af8b}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext2]
@="{fb314eda-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314eda-a251-47b7-93e1-cdd82e34af8b}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext3]
@="{fb314edb-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edb-a251-47b7-93e1-cdd82e34af8b}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext4]
@="{fb314edc-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edc-a251-47b7-93e1-cdd82e34af8b}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"lacie backup"=c:\program files\lacie\backup software\\laciebackup.exe [2006-07-06 2596864]
"wmpnscfg"=c:\program files\windows media player\wmpnscfg.exe [2006-11-02 204288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"raidtool"=c:\program files\via\raid\raid_tool.exe [2005-06-20 1056768]
"bluetoothauthenticationagent"="bthprops.cpl" [2008-04-14 110592]
"adobe reader speed launcher"=c:\program files\adobe\reader 9.0\reader\reader_sl.exe [2011-09-07 37296]
"adobe arm"=c:\program files\common files\adobe\arm\1.0\adobearm.exe [2011-03-30 937920]
"sunjavaupdatesched"=c:\program files\common files\java\java update\jusched.exe [2011-04-08 254696]
"avast"=c:\program files\avast software\avast\avastui.exe [2011-09-06 3722416]
"quicktime task"=c:\program files\quicktime\qttask.exe [2011-07-05 421888]
"zonealarm client"=c:\program files\zone labs\zonealarm\zlclient.exe [2011-03-17 1043968]
.
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe [2008-04-14 15360]
.
[hkey_local_machine\system\currentcontrolset\control\session manager]
bootexecute reg_multi_sz autocheck autochk *\0ssiefr.e\0lsdelete
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\lavasoft ad-aware service]
@="service"
.
[hklm\~\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^adobe reader speed launch.lnk]
.
[hklm\~\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^tabuserw.lnk]
hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\rambooster
hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\remotecontrol
hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\spybotsd teatimer
hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe arm]
2011-03-30 04:59 937920 ----a-r- c:\program files\common files\adobe\arm\1.0\adobearm.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\adobe\reader 9.0\reader\reader_sl.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\hpdj taskbar utility]
2002-11-05 18:46 188416 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
2008-04-14 17:03 1695232 ------w- c:\program files\messenger\msmsgs.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\nerocheck.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\soundman]
2005-08-17 10:39 90112 -c--a-r- c:\windows\soundman.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\vttimer]
2005-03-07 19:33 53248 -c--a-r- c:\windows\system32\vttimer.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\vttrayp]
2005-03-11 09:33 147456 -c--a-r- c:\windows\system32\vttrayp.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\wmpnscfg]
2006-11-02 21:53 204288 ----a-w- c:\program files\windows media player\wmpnscfg.exe
.
[hkey_local_machine\software\microsoft\windows\currentversion\run-disabled]
"hp software update"=c:\program files\hp\hp software update\hpwuschd2.exe
"sunjavaupdatesched"=c:\program files\common files\java\java update\jusched.exe
.
[hkey_local_machine\software\microsoft\security center\monitoring\zonelabsfirewall]
"disablemonitoring"=dword:00000001
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\\system32\\sessmgr.exe=
c:\\program files\\ivt corporation\\bluesoleil\\bluesoleil.exe=
%windir%\\network diagnostic\\xpnetdiag.exe=
c:\\program files\\windows live\\messenger\\msnmsgr.exe=
c:\\program files\\windows live\\sync\\windowslivesync.exe=
c:\\documents and settings\\diana\\application data\\dropbox\\bin\\dropbox.exe=
c:\\windows\\system32\\zonelabs\\vsmon.exe=
.
r0 lbd;lbd;c:\windows\system32\drivers\lbd.sys [30-8-2009 14:11 64512]
r0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26-3-2008 12:00 716272]
r1 aswsnx;aswsnx;c:\windows\system32\drivers\aswsnx.sys [15-8-2011 14:12 442200]
r1 aswsp;aswsp;c:\windows\system32\drivers\aswsp.sys [15-8-2011 14:12 320856]
r2 aswfsblk;aswfsblk;c:\windows\system32\drivers\aswfsblk.sys [15-8-2011 14:12 20568]
r2 secunia update agent;secunia update agent;c:\program files\secunia\psi\sua.exe [19-4-2011 8:44 399416]
s2 gupdate;google updateservice (gupdate);c:\program files\google\update\googleupdate.exe [13-4-2011 18:04 136176]
s3 fxdrv;fxdrv; [x]
s3 gupdatem;google update-service (gupdatem);c:\program files\google\update\googleupdate.exe [13-4-2011 18:04 136176]
s3 hitmanpro2;hitman pro 2 driver;c:\program files\hitman pro\hitmanpro2.sys [12-2-2007 10:52 10336]
s3 hitmanpro3;hitman pro 3 support driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
s3 lavasoft ad-aware service;lavasoft ad-aware service;c:\program files\lavasoft\ad-aware\aawservice.exe [1-4-2011 9:22 2152152]
s3 lavasoft kernexplorer;lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [1-4-2011 9:22 15232]
s3 nosgetplushelper;getplus(r) helper 3004;c:\windows\system32\svchost.exe -k nosgetplushelper [8-6-2006 12:47 14336]
s3 psi;psi;c:\windows\system32\drivers\psi_mf.sys [1-9-2010 10:30 15544]
s3 secunia psi agent;secunia psi agent;c:\program files\secunia\psi\psia.exe [19-4-2011 8:44 993848]
.
[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
getplushelper reg_multi_sz getplushelper
nosgetplushelper reg_multi_sz nosgetplushelper
.
inhoud van de 'gedeelde taken' map
.
2011-10-12 c:\windows\tasks\ad-aware update (weekly).job
- c:\program files\lavasoft\ad-aware\ad-awareadmin.exe [2011-04-01 07:40]
.
2011-10-14 c:\windows\tasks\glaryinitialize.job
- c:\program files\glary utilities\initialize.exe [2010-09-20 16:47]
.
2011-10-14 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files\google\update\googleupdate.exe [2011-04-13 16:03]
.
2011-10-14 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files\google\update\googleupdate.exe [2011-04-13 16:03]
.
2011-10-13 c:\windows\tasks\googleupdatetaskusers-1-5-21-1643657994-656456579-2228755976-1006core.job
- c:\documents and settings\diana\local settings\application data\google\update\googleupdate.exe [2011-09-21 21:27]
.
2011-10-14 c:\windows\tasks\googleupdatetaskusers-1-5-21-1643657994-656456579-2228755976-1006ua.job
- c:\documents and settings\diana\local settings\application data\google\update\googleupdate.exe [2011-09-21 21:27]
.
2011-10-13 c:\windows\tasks\googleupdatetaskusers-1-5-21-1643657994-656456579-2228755976-1007core.job
- c:\documents and settings\siep\local settings\application data\google\update\googleupdate.exe [2011-09-27 21:27]
.
2011-10-14 c:\windows\tasks\googleupdatetaskusers-1-5-21-1643657994-656456579-2228755976-1007ua.job
- c:\documents and settings\siep\local settings\application data\google\update\googleupdate.exe [2011-09-27 21:27]
.
.
------- bijkomende scan -------
.
ustart page = hxxp://www.startpagina.nl/
uinternet connection wizard,shellnext = iexplore
tcp: dhcpnameserver = 10.0.0.1
dpf: {0dbf2423-33d3-4084-b83e-6a3661f2cd46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/imageuploader6.cab
dpf: {34dc6011-88b5-4ea9-ba7a-dc7b4f4437fe} - hxxp://fotoalbum.fotoquelle.nl/ips-opdata/objects/jordan.cab
dpf: {63d6dd13-c913-466d-9444-9357561e4d94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
dpf: {b7915d9f-6057-4153-be1b-8e234bd66980} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/imageuploader7.cab
.
- - - - orphans verwijderd - - - -
.
toolbar-locked - (no file)
addremove-procreate painter classic - c:\program files\procreate painter classic\uninstppc.isu
.
.
.
**************************************************************************
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
scan succesvol afgerond
verborgen bestanden:
.
**************************************************************************
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_users\s-1-5-21-1643657994-656456579-2228755976-1006\software\local appwizard-generated applications\via raid tool]
@dacl=(02 0000)
@sacl=
.
[hkey_users\s-1-5-21-1643657994-656456579-2228755976-1006\software\microsoft\mediaplayer\player\skins\res://wmploc/rt_text/mainappskin2.wsz]
@dacl=(02 0000)
@sacl=
"prefs"="mute;false;tracktimeformat;0"
.
[hkey_users\s-1-5-21-1643657994-656456579-2228755976-1006\software\microsoft\systemcertificates\addressbook*]
@allowed: (read) (restrictedcode)
@allowed: (read) (restrictedcode)
.
[hkey_local_machine\software\classes\applications\photosnapviewer.exe\shell]
@dacl=(02 0000)
@sacl=
@="open"
.
[hkey_local_machine\software\microsoft\advanced inf setup\iehomepageinfo\regbackup]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\mediaplayer\10.0]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\mediaplayer\services]
@dacl=(02 0000)
@sacl=
"noservices"=dword:00000000
.
[hkey_local_machine\software\microsoft\mediaplayer\settings]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\mediaplayer\uiplugins\{292ae934-4f49-40bb-9e7e-6f6398ed9c31}]
@dacl=(02 0000)
@sacl=
"friendlyname"="nero fast cd-burning plugin"
"description"="uw cd branden"
"capabilities"=dword:40000001
.
[hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\localsystem\components\||9~*]
"3140110900063d11c8ef10054038389c"="c?\\windows\\system32\\fm20enu.dll"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{077acec7-979c-40ab-9835-435ba1511e0d}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{077acec7-979c-40ab-9835-435ba1511e0d}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{077acec7-979c-40ab-9835-435ba1511e0d}\\mppre10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{077acec7-979c-40ab-9835-435ba1511e0d}\\mppre10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{30c7234b-6482-4a55-a11d-ecd9030313f2}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{30c7234b-6482-4a55-a11d-ecd9030313f2}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{30c7234b-6482-4a55-a11d-ecd9030313f2}\\wmdm10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{30c7234b-6482-4a55-a11d-ecd9030313f2}\\wmdm10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{3fdf25ee-e592-4495-8391-6e9c504dac2b}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{3fdf25ee-e592-4495-8391-6e9c504dac2b}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{3fdf25ee-e592-4495-8391-6e9c504dac2b}\\wmset10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{3fdf25ee-e592-4495-8391-6e9c504dac2b}\\wmset10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{60204bb3-7078-4f70-8f69-68297621941c}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{60204bb3-7078-4f70-8f69-68297621941c}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{60204bb3-7078-4f70-8f69-68297621941c}\\mpstub10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{60204bb3-7078-4f70-8f69-68297621941c}\\mpstub10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{981fb688-e76b-4246-987b-92083185b90a}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{981fb688-e76b-4246-987b-92083185b90a}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{981fb688-e76b-4246-987b-92083185b90a}\\wpd10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{981fb688-e76b-4246-987b-92083185b90a}\\wpd10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{a47b3654-48ee-48a5-b629-97d70175e58f}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{a47b3654-48ee-48a5-b629-97d70175e58f}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{a47b3654-48ee-48a5-b629-97d70175e58f}\\codecs10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{a47b3654-48ee-48a5-b629-97d70175e58f}\\codecs10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{aac1d942-0b38-4e37-9e4e-5b96a9dd2170}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{aac1d942-0b38-4e37-9e4e-5b96a9dd2170}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{aac1d942-0b38-4e37-9e4e-5b96a9dd2170}\\wmfsdk10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{aac1d942-0b38-4e37-9e4e-5b96a9dd2170}\\wmfsdk10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{c5b8fbe9-645e-4484-a7aa-e8da9a70dd77}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{c5b8fbe9-645e-4484-a7aa-e8da9a70dd77}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{c5b8fbe9-645e-4484-a7aa-e8da9a70dd77}\\drm10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{c5b8fbe9-645e-4484-a7aa-e8da9a70dd77}\\drm10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{cfb4b314-0328-45e1-94af-45a3f5f48e0b}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{cfb4b314-0328-45e1-94af-45a3f5f48e0b}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{cfb4b314-0328-45e1-94af-45a3f5f48e0b}\\mpcd10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{cfb4b314-0328-45e1-94af-45a3f5f48e0b}\\mpcd10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{dd90d410-1823-43eb-9a16-a2331bf08799}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{dd90d410-1823-43eb-9a16-a2331bf08799}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{dd90d410-1823-43eb-9a16-a2331bf08799}\\wmp10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{dd90d410-1823-43eb-9a16-a2331bf08799}\\wmp10.cat"
.
[hkey_local_machine\software\microsoft\windows media device manager\knowndeviceclasses]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\windows media device manager\knowndevices]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\windows media device manager\plugins\sp\neroburnplugin]
@dacl=(02 0000)
@sacl=
"progid"="mdneroburnplugin.mdneroburnplugin"
.
[hkey_local_machine\software\realtek semiconductor corp.\realtek ac'97 audio]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\realtek semiconductor corporation\realtek gigabit and fast ethernet nic driver]
@dacl=(02 0000)
@sacl=
.
--------------------- dlls geladen onder lopende processen ---------------------
.
- - - - - - - > 'explorer.exe'(4048)
c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
.
------------------------ andere aktieve processen ------------------------
.
c:\program files\avast software\avast\avastsvc.exe
c:\program files\ivt corporation\bluesoleil\btntservice.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\windows\system32\hpzipm12.exe
c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
c:\program files\windows media player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
c:\program files\lacie\backup software\laciebackup.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
voltooingstijd: 2011-10-14 19:11:49 - machine werd herstart
combofix-quarantined-files.txt 2011-10-14 17:11
.
pre-run: 40.589.471.744 bytes beschikbaar
post-run: 40.621.056.000 bytes beschikbaar
.
windowsxp-kb310994-sp2-home-bootdisk-nld.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
c:\cmdcons\bootsect.dat="microsoft windows recovery console" /cmdcons
unsupporteddebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\windows="microsoft windows xp home edition" /noexecute=optin /fastdetect
.
current=4 default=4 failed=2 lastknowngood=5 sets=2,3,4,5
- - end of file - - 5eddd48c726695e60faa210a5802ac48

[/hjt]

Regards
Diana
 
Hi Diana, how is your Windows doing in the meantime?
 
Well, I don't notice much difference yet, except that I suddenly had Internet Explorer as my browser again instead of Chrome. Or is that not what you mean?
 

That last thing happens because ComboFix resets everything to the default settings.
But Chrome is still there too!

Go ahead and do the following:

Download LopSD or LOPSD to your Desktop.
  • Disable your antispyware and virus scanner while using this tool.
    • Vista and Windows 7 users: right-click LopSD and choose "Run as administrator"!

  • Choose Option N and press Enter
  • Click OK in the information window
  • Choose Option 2 and press Enter
  • At the end a log (LopR.txt) appears; post its contents in your next reply
 
Below is the LopSD log.



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.53GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Diana ( Administrator )
BOOT : Normal boot
Antivirus : avast! Antivirus 5.0.100664585 (Not Activated)
Firewall : ZoneAlarm Firewall 9.2.106.000 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:38 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - FAT32 - Total:465 Go (Free:417 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( za 15-10-2011|14:26 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Beschrijving van mappen in APPLIC~1

[08-06-2006|13:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes beschikbaar

[06-04-2011|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
[03-12-2008|23:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\46-0r-4q-26-53-17
[04-12-2008|17:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\64-07-46-2p-3p-r9
[22-08-2010|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Activision
[06-10-2010|15:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[14-11-2010|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AlawarWrapper
[26-10-2010|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Albumprinter Pro Editor
[25-07-2007|23:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
[18-01-2011|01:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[18-01-2011|01:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[15-08-2011|14:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVAST Software
[15-08-2011|14:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[14-04-2008|00:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Awem
[20-02-2008|01:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
[20-02-2008|00:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth(2)
[29-08-2006|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[28-06-2006|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[12-02-2008|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CaveDays
[16-12-2007|00:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Christmasville
[19-09-2011|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[06-08-2007|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise
[26-11-2009|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum2
[08-03-2008|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Farm Frenzy
[28-12-2008|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy2
[07-08-2009|21:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy3
[01-04-2010|14:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy3_America
[01-04-2010|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy3_Arctica
[28-07-2009|22:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy-PizzaParty
[31-08-2011|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FileServe Limited
[05-08-2009|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
[09-08-2009|13:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
[26-10-2009|15:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\game_fillup_v2_usa
[30-09-2008|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
[27-10-2009|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
[24-07-2011|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[14-12-2009|00:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
[29-11-2007|16:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[13-07-2010|15:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[09-11-2009|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Islands
[19-04-2008|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[31-08-2009|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kristanix Games
[25-07-2009|21:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[06-04-2011|10:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[23-06-2010|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[16-09-2011|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[14-12-2007|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[18-05-2009|23:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople
[16-11-2007|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NeptunesAdve
[16-04-2011|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[14-11-2010|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[29-05-2008|11:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayPond
[09-11-2009|18:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rionix
[20-04-2008|00:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[13-01-2009|22:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sortasoft
[27-12-2008|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
[13-10-2011|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[28-02-2011|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sun
[26-10-2009|15:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[03-03-2011|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[13-07-2010|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[05-08-2008|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VirtualFarm
[31-08-2011|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Web Installer
[28-06-2006|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[12-01-2007|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[24-02-2007|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
[67|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar

[08-06-2006|11:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[08-06-2006|13:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
[4|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar

[17-11-2007|21:53] C:\DOCUME~1\Diana\APPLIC~1\Abra Academy2
[13-07-2011|15:02] C:\DOCUME~1\Diana\APPLIC~1\Adobe
[19-01-2010|14:33] C:\DOCUME~1\Diana\APPLIC~1\AdobeUM
[13-10-2009|14:11] C:\DOCUME~1\Diana\APPLIC~1\Alawar
[20-09-2010|21:05] C:\DOCUME~1\Diana\APPLIC~1\Alien Skin
[16-05-2011|22:30] C:\DOCUME~1\Diana\APPLIC~1\Apple Computer
[21-10-2009|16:04] C:\DOCUME~1\Diana\APPLIC~1\baKno
[21-03-2010|20:19] C:\DOCUME~1\Diana\APPLIC~1\Belastingdienst
[19-08-2009|01:21] C:\DOCUME~1\Diana\APPLIC~1\Big Fish Games
[14-12-2008|00:44] C:\DOCUME~1\Diana\APPLIC~1\BloodTies
[07-08-2009|21:54] C:\DOCUME~1\Diana\APPLIC~1\Boolat Games
[07-09-2011|07:26] C:\DOCUME~1\Diana\APPLIC~1\Canon
[21-12-2008|01:05] C:\DOCUME~1\Diana\APPLIC~1\Cat's Eye Games
[25-08-2011|09:48] C:\DOCUME~1\Diana\APPLIC~1\CheckPoint
[13-07-2010|21:27] C:\DOCUME~1\Diana\APPLIC~1\Corel
[04-07-2006|11:22] C:\DOCUME~1\Diana\APPLIC~1\CyberLink
[14-10-2011|22:19] C:\DOCUME~1\Diana\APPLIC~1\Dropbox
[17-01-2011|00:02] C:\DOCUME~1\Diana\APPLIC~1\DVDVideoSoftIEHelpers
[29-10-2007|00:08] C:\DOCUME~1\Diana\APPLIC~1\EleFun Games
[17-10-2009|14:46] C:\DOCUME~1\Diana\APPLIC~1\Enki Games
[19-10-2009|12:59] C:\DOCUME~1\Diana\APPLIC~1\ERS G-Studio
[29-05-2007|15:21] C:\DOCUME~1\Diana\APPLIC~1\Eyeblaster
[05-08-2008|22:00] C:\DOCUME~1\Diana\APPLIC~1\FarmerJane
[10-02-2010|16:34] C:\DOCUME~1\Diana\APPLIC~1\FileZilla
[02-12-2009|11:25] C:\DOCUME~1\Diana\APPLIC~1\Flood Light Games
[27-09-2011|16:56] C:\DOCUME~1\Diana\APPLIC~1\Friday's games
[01-04-2008|19:30] C:\DOCUME~1\Diana\APPLIC~1\funkitron
[23-02-2008|02:49] C:\DOCUME~1\Diana\APPLIC~1\Fuzzy Games
[23-07-2007|22:06] C:\DOCUME~1\Diana\APPLIC~1\Gaijin Ent
[30-05-2008|14:06] C:\DOCUME~1\Diana\APPLIC~1\GameHouse
[27-04-2008|22:08] C:\DOCUME~1\Diana\APPLIC~1\Gamelab
[24-05-2011|09:53] C:\DOCUME~1\Diana\APPLIC~1\Genie-Soft
[03-05-2009|13:53] C:\DOCUME~1\Diana\APPLIC~1\GlarySoft
[08-11-2009|18:55] C:\DOCUME~1\Diana\APPLIC~1\GOA
[13-09-2006|19:55] C:\DOCUME~1\Diana\APPLIC~1\Google
[07-09-2006|18:02] C:\DOCUME~1\Diana\APPLIC~1\Help
[04-03-2008|00:36] C:\DOCUME~1\Diana\APPLIC~1\Home Sweet Home
[10-12-2008|18:52] C:\DOCUME~1\Diana\APPLIC~1\HP
[03-03-2011|23:06] C:\DOCUME~1\Diana\APPLIC~1\Identities
[18-05-2008|22:15] C:\DOCUME~1\Diana\APPLIC~1\Image Zone Express
[10-02-2010|17:21] C:\DOCUME~1\Diana\APPLIC~1\ImgBurn
[19-12-2007|10:15] C:\DOCUME~1\Diana\APPLIC~1\iolo
[20-05-2008|23:16] C:\DOCUME~1\Diana\APPLIC~1\iWin
[28-11-2007|20:58] C:\DOCUME~1\Diana\APPLIC~1\Jane s Hotel
[22-06-2010|22:12] C:\DOCUME~1\Diana\APPLIC~1\Jasc
[01-12-2007|23:15] C:\DOCUME~1\Diana\APPLIC~1\Jasc Software Inc
[22-08-2006|19:16] C:\DOCUME~1\Diana\APPLIC~1\Kazaa Lite
[25-01-2008|23:53] C:\DOCUME~1\Diana\APPLIC~1\LaCie
[05-01-2011|18:12] C:\DOCUME~1\Diana\APPLIC~1\LimeWirePlus
[05-03-2008|15:53] C:\DOCUME~1\Diana\APPLIC~1\Macromedia
[03-01-2010|23:03] C:\DOCUME~1\Diana\APPLIC~1\MailWasherPro
[02-03-2011|10:47] C:\DOCUME~1\Diana\APPLIC~1\MakeupGuide
[06-04-2011|10:50] C:\DOCUME~1\Diana\APPLIC~1\Malwarebytes
[01-08-2009|15:28] C:\DOCUME~1\Diana\APPLIC~1\Meridian93
[09-11-2009|23:45] C:\DOCUME~1\Diana\APPLIC~1\Merscom
[06-04-2011|20:12] C:\DOCUME~1\Diana\APPLIC~1\Microsoft
[30-07-2007|11:28] C:\DOCUME~1\Diana\APPLIC~1\My Games
[28-09-2011|22:57] C:\DOCUME~1\Diana\APPLIC~1\NevoSoft
[11-12-2006|12:16] C:\DOCUME~1\Diana\APPLIC~1\OfficeUpdate12
[05-12-2009|00:46] C:\DOCUME~1\Diana\APPLIC~1\Peace Craft
[07-03-2011|15:52] C:\DOCUME~1\Diana\APPLIC~1\PeaceCraft2
[15-03-2008|23:35] C:\DOCUME~1\Diana\APPLIC~1\Pirateville
[23-11-2009|15:36] C:\DOCUME~1\Diana\APPLIC~1\PlayFirst
[29-11-2007|16:59] C:\DOCUME~1\Diana\APPLIC~1\Printer Info Cache
[20-11-2009|19:11] C:\DOCUME~1\Diana\APPLIC~1\Realore JanesZOO
[14-11-2009|19:00] C:\DOCUME~1\Diana\APPLIC~1\Red Thumb Games
[12-06-2008|00:55] C:\DOCUME~1\Diana\APPLIC~1\Samsung
[25-06-2007|17:01] C:\DOCUME~1\Diana\APPLIC~1\Sandlot Games
[28-04-2008|16:51] C:\DOCUME~1\Diana\APPLIC~1\SecuROM
[19-11-2006|14:27] C:\DOCUME~1\Diana\APPLIC~1\Simply Super Software
[21-05-2009|13:18] C:\DOCUME~1\Diana\APPLIC~1\Skip-Bo
[13-01-2009|22:42] C:\DOCUME~1\Diana\APPLIC~1\Sortasoft
[30-09-2006|11:41] C:\DOCUME~1\Diana\APPLIC~1\Sun
[14-11-2007|22:16] C:\DOCUME~1\Diana\APPLIC~1\Super-Cow
[11-11-2009|17:02] C:\DOCUME~1\Diana\APPLIC~1\UClick
[19-01-2011|10:49] C:\DOCUME~1\Diana\APPLIC~1\Unity
[08-11-2009|18:41] C:\DOCUME~1\Diana\APPLIC~1\URSE Games
[26-10-2009|19:23] C:\DOCUME~1\Diana\APPLIC~1\VampireSaga
[18-01-2008|12:32] C:\DOCUME~1\Diana\APPLIC~1\ViquaSoft
[08-10-2011|16:51] C:\DOCUME~1\Diana\APPLIC~1\WendigoStudios
[25-06-2008|19:07] C:\DOCUME~1\Diana\APPLIC~1\Wildfire
[24-01-2011|23:56] C:\DOCUME~1\Diana\APPLIC~1\WinAVI
[15-12-2008|12:48] C:\DOCUME~1\Diana\APPLIC~1\WinRAR
[03-03-2011|23:06] C:\DOCUME~1\Diana\APPLIC~1\Zylom
[20-11-2009|01:53] C:\DOCUME~1\Diana\APPLIC~1\Zylom JanesZOO
[0|bestand(en)] C:\DOCUME~1\Diana\APPLIC~1\bytes
[87|map(pen)] C:\DOCUME~1\Diana\APPLIC~1\bytes beschikbaar

[31-08-2011|11:36] C:\DOCUME~1\Gast\APPLIC~1\CheckPoint
[29-10-2008|19:34] C:\DOCUME~1\Gast\APPLIC~1\Macromedia
[11-07-2009|14:28] C:\DOCUME~1\Gast\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\Gast\APPLIC~1\bytes
[5|map(pen)] C:\DOCUME~1\Gast\APPLIC~1\bytes beschikbaar

[03-06-2009|01:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar

[08-06-2006|11:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar

[26-07-2009|10:11] C:\DOCUME~1\Siep\APPLIC~1\Adobe
[29-08-2011|08:27] C:\DOCUME~1\Siep\APPLIC~1\CheckPoint
[01-10-2010|00:31] C:\DOCUME~1\Siep\APPLIC~1\Corel
[18-04-2011|05:31] C:\DOCUME~1\Siep\APPLIC~1\Google
[06-04-2008|22:03] C:\DOCUME~1\Siep\APPLIC~1\GRETECH
[23-01-2008|12:35] C:\DOCUME~1\Siep\APPLIC~1\HP
[14-02-2009|13:06] C:\DOCUME~1\Siep\APPLIC~1\Macromedia
[17-10-2009|07:33] C:\DOCUME~1\Siep\APPLIC~1\Microsoft
[06-10-2006|10:49] C:\DOCUME~1\Siep\APPLIC~1\Sun
[0|bestand(en)] C:\DOCUME~1\Siep\APPLIC~1\bytes
[11|map(pen)] C:\DOCUME~1\Siep\APPLIC~1\bytes beschikbaar

--------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks

[15-10-2011 14:28][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1643657994-656456579-2228755976-1007UA.job
[14-10-2011 19:28][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1643657994-656456579-2228755976-1007Core.job
[15-10-2011 14:27][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1643657994-656456579-2228755976-1006UA.job
[13-10-2011 18:29][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1643657994-656456579-2228755976-1006Core.job
[15-10-2011 13:32][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[15-10-2011 14:17][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[15-10-2011 14:17][--a------] C:\WINDOWS\tasks\GlaryInitialize.job
[12-10-2011 11:50][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[04-08-2004 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini
[15-10-2011 14:17][--ah-----] C:\WINDOWS\tasks\SA.DAT

--------------------\\ Beschrijving van mappen in C:\Program Files

[29-08-2006|20:01] C:\Program Files\3B Software
[10-12-2008|14:54] C:\Program Files\7-Zip
[11-07-2011|22:41] C:\Program Files\Adobe
[24-10-2006|18:45] C:\Program Files\Afuk
[19-06-2006|10:09] C:\Program Files\Ahead
[26-10-2010|20:19] C:\Program Files\Albumprinter Pro Editor
[09-07-2010|18:16] C:\Program Files\Alien Skin
[03-05-2009|13:52] C:\Program Files\AltoMP3 Gold
[17-02-2010|17:14] C:\Program Files\AmbraSoft
[15-08-2011|14:10] C:\Program Files\AVAST Software
[08-06-2006|11:35] C:\Program Files\AvRack
[28-06-2006|18:01] C:\Program Files\Canon
[11-07-2011|11:33] C:\Program Files\CCleaner
[25-08-2011|09:47] C:\Program Files\CheckPoint
[14-10-2011|18:41] C:\Program Files\Common Files
[22-07-2009|21:18] C:\Program Files\Convar
[12-06-2010|15:08] C:\Program Files\CoreAAC
[12-12-2010|17:07] C:\Program Files\Corel
[16-01-2011|23:57] C:\Program Files\DVDVideoSoft
[11-10-2009|17:45] C:\Program Files\E Games
[21-10-2009|15:43] C:\Program Files\EASY COMPUTING
[15-08-2011|14:24] C:\Program Files\Eset
[16-06-2009|13:52] C:\Program Files\Eusing Free Registry Cleaner
[01-04-2010|14:42] C:\Program Files\Farm Frenzy 3
[08-10-2011|16:32] C:\Program Files\FileServe Manager
[03-05-2009|00:32] C:\Program Files\Free Audio Pack
[21-10-2009|15:43] C:\Program Files\GameHouse
[17-08-2011|13:21] C:\Program Files\Glary Utilities
[24-07-2011|15:10] C:\Program Files\Google
[14-09-2011|13:19] C:\Program Files\GRETECH
[26-10-2010|21:12] C:\Program Files\Hewlett-Packard
[03-05-2009|00:33] C:\Program Files\Hitman Pro
[26-10-2010|21:15] C:\Program Files\HP
[21-10-2009|15:43] C:\Program Files\hp deskjet 3820 series
[25-07-2008|13:03] C:\Program Files\Huygens
[12-10-2009|16:30] C:\Program Files\IKEA HomePlanner
[10-02-2010|17:04] C:\Program Files\ImgBurn
[13-10-2011|19:26] C:\Program Files\InstallShield Installation Information
[14-10-2011|00:16] C:\Program Files\Internet Explorer
[20-02-2008|01:15] C:\Program Files\IVT Corporation
[20-02-2008|01:03] C:\Program Files\IVT Corporation(2)
[14-07-2010|13:19] C:\Program Files\Jasc Software Inc
[16-05-2011|21:33] C:\Program Files\Java
[25-01-2008|23:53] C:\Program Files\LaCie
[14-11-2010|16:10] C:\Program Files\Lavasoft
[01-09-2008|18:59] C:\Program Files\LGGSM
[21-10-2009|15:43] C:\Program Files\LimeWire
[05-01-2011|18:41] C:\Program Files\LimeWire Plus
[14-10-2011|17:02] C:\Program Files\Malwarebytes' Anti-Malware
[21-10-2009|15:43] C:\Program Files\Messenger
[15-09-2009|23:43] C:\Program Files\Microsoft
[27-08-2006|14:49] C:\Program Files\microsoft frontpage
[29-06-2011|23:24] C:\Program Files\Microsoft Office
[15-10-2011|14:16] C:\Program Files\Microsoft Silverlight
[15-09-2009|23:39] C:\Program Files\Microsoft SQL Server Compact Edition
[15-09-2009|23:41] C:\Program Files\Microsoft Sync Framework
[04-08-2009|20:31] C:\Program Files\Microsoft Works
[11-12-2006|12:00] C:\Program Files\Microsoft.NET
[03-11-2010|21:12] C:\Program Files\Movie Maker
[05-08-2009|15:05] C:\Program Files\MSBuild
[08-06-2006|10:59] C:\Program Files\MSN Gaming Zone
[14-09-2009|18:49] C:\Program Files\Navigram
[25-06-2008|23:01] C:\Program Files\NetMeeting
[26-10-2010|21:29] C:\Program Files\nipo.n
[28-10-2008|02:24] C:\Program Files\NOS
[08-06-2006|11:00] C:\Program Files\Online Services
[28-02-2011|18:05] C:\Program Files\Outlook Express
[24-05-2011|09:53] C:\Program Files\Outlook Express Backup V6.5
[24-08-2011|12:36] C:\Program Files\QuickTime
[28-09-2011|22:50] C:\Program Files\RealArcade
[08-06-2006|11:34] C:\Program Files\Realtek AC97
[05-08-2009|15:05] C:\Program Files\Reference Assemblies
[08-06-2006|11:36] C:\Program Files\S3
[14-09-2011|13:23] C:\Program Files\Samsung
[19-01-2010|14:04] C:\Program Files\Secunia
[13-10-2011|21:44] C:\Program Files\Spybot - Search & Destroy
[01-09-2010|16:22] C:\Program Files\Sqirlz Water Reflections
[12-03-2008|14:35] C:\Program Files\Trend Micro
[11-10-2009|17:47] C:\Program Files\Trymedia
[08-06-2006|11:06] C:\Program Files\Uninstall Information
[08-06-2006|11:36] C:\Program Files\VIA
[22-12-2009|18:00] C:\Program Files\vSoft
[05-08-2009|19:02] C:\Program Files\Weight Watchers
[25-01-2011|00:13] C:\Program Files\WinAVI Video Converter
[29-12-2010|05:54] C:\Program Files\Windows Live
[15-09-2009|23:36] C:\Program Files\Windows Live SkyDrive
[17-09-2007|22:42] C:\Program Files\Windows Live Toolbar
[13-07-2010|10:32] C:\Program Files\Windows Media Components
[21-10-2009|15:43] C:\Program Files\Windows Media Connect 2
[14-11-2010|16:10] C:\Program Files\Windows Media Player
[25-06-2008|23:01] C:\Program Files\Windows NT
[08-06-2006|11:00] C:\Program Files\WindowsUpdate
[08-12-2010|14:18] C:\Program Files\Xenocode
[08-06-2006|11:02] C:\Program Files\xerox
[21-10-2009|16:15] C:\Program Files\Xplorer
[25-08-2011|09:47] C:\Program Files\Zone Labs
[15-05-2011|15:30] C:\Program Files\Zylom Games
[0|bestand(en)] C:\Program Files\bytes
[99|map(pen)] C:\Program Files\bytes beschikbaar

--------------------\\ Beschrijving van mappen in C:\Program Files\Common Files

[06-10-2010|15:35] C:\Program Files\Common Files\Adobe
[19-06-2006|10:09] C:\Program Files\Common Files\Ahead
[14-09-2011|15:15] C:\Program Files\Common Files\AmbraSoft
[18-01-2011|01:33] C:\Program Files\Common Files\Apple
[17-03-2008|01:47] C:\Program Files\Common Files\BOONTY Shared
[13-07-2010|21:27] C:\Program Files\Common Files\Corel
[11-12-2006|12:00] C:\Program Files\Common Files\DESIGNER
[17-01-2011|00:03] C:\Program Files\Common Files\DVDVideoSoft
[29-11-2007|16:22] C:\Program Files\Common Files\Hewlett-Packard
[13-07-2010|15:26] C:\Program Files\Common Files\InstallShield
[14-06-2011|20:36] C:\Program Files\Common Files\Java
[17-11-2006|20:15] C:\Program Files\Common Files\LightScribe
[03-11-2010|20:43] C:\Program Files\Common Files\Microsoft Shared
[08-06-2006|11:00] C:\Program Files\Common Files\MSSoap
[08-06-2006|12:10] C:\Program Files\Common Files\Nero
[08-06-2006|12:54] C:\Program Files\Common Files\ODBC
[15-11-2006|17:02] C:\Program Files\Common Files\Real
[08-06-2006|11:00] C:\Program Files\Common Files\Services
[08-06-2006|12:54] C:\Program Files\Common Files\SpeechEngines
[26-05-2010|19:25] C:\Program Files\Common Files\SWF Studio
[25-06-2008|23:01] C:\Program Files\Common Files\System
[13-07-2010|10:31] C:\Program Files\Common Files\Ulead Systems
[15-09-2009|23:28] C:\Program Files\Common Files\Windows Live
[0|bestand(en)] C:\Program Files\Common Files\bytes
[25|map(pen)] C:\Program Files\Common Files\bytes beschikbaar

--------------------\\ Process

( 40 Processes )

... OK !

--------------------\\ Zoeken met S_Lop

Geen Lop mappen gevonden !

--------------------\\ Zoeken naar Lop Bestanden - Mappen

Geen Lop mappen gevonden !

--------------------\\ Zoeken doorheen het Register

..... OK !

--------------------\\ Nazicht van het Hosts bestand

Hosts bestand IN ORDE


--------------------\\ Zoeken naar verborgen bestanden met Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-15 14:38:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 14

--------------------\\ Zoeken naar andere infecties

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Diana\.housecall6.6\Quarantine\Photshop Plugin Focus Magic 3 + Keygen (fixes out of focus photos).zip.bac_a03696
C:\DOCUME~1\Diana\.housecall6.6\Quarantine\Real Spy Monitor v2 58 WinALL Incl Keygen-HaCkWaReZ CrEw.zip.bac_a03696
C:\DOCUME~1\Diana\Complete\Photshop Plugin Focus Magic 3 + Keygen (fixes out of focus photos).zip
C:\DOCUME~1\Diana\Complete\Real Spy Monitor v2 58 WinALL Incl Keygen-HaCkWaReZ CrEw.zip
C:\DOCUME~1\Diana\Favorieten\computer\Spelmap Nov. 2009, EERST pagina 1 GOED LEZEN !! Crack - Forum - Startkabel.nl.url
C:\DOCUME~1\Diana\Mijn documenten\My PSP8 Files\Corel\COREL PSP X3 v13.00 incl. keygen.rar
C:\DOCUME~1\Diana\Mijn documenten\My PSP8 Files\Corel\Keygen.exe
C:\DOCUME~1\Diana\Mijn documenten\programmaatjes\Jasc_Paint_Shop_Pro_8.03-8.04 Crack
C:\DOCUME~1\Diana\Mijn documenten\programmaatjes\Jasc_Paint_Shop_Pro_8.03-8.04 Crack.zip
C:\DOCUME~1\Diana\Mijn documenten\programmaatjes\Jasc_Paint_Shop_Pro_8.03-8.04 Crack\Crack.exe
C:\DOCUME~1\Diana\Mijn documenten\programmaatjes\Jasc_Paint_Shop_Pro_8.03-8.04 Crack\file_id.diz
C:\DOCUME~1\Diana\Mijn documenten\programmaatjes\psp 8\Crack PSP 8.10.rar
C:\DOCUME~1\ALLUSE~1\Application Data\Lavasoft\Ad-Aware\Quarantine\keygen.exe.81e973fc33ad916961c8d0afa4af155d.aawqff
C:\DOCUME~1\ALLUSE~1\Application Data\Lavasoft\Ad-Aware\Quarantine\PopCap Games Crack.exe.cc53ee41d57da778af9f62533db8f14.aawqff


[F:14][D:7]-> C:\DOCUME~1\Diana\LOCALS~1\Temp
[F:7][D:0]-> C:\DOCUME~1\Diana\Cookies
[F:303][D:4]-> C:\DOCUME~1\Diana\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - za 15-10-2011|14:42 - Option : [2]

--------------------\\ Scan voltooid om 14:42:16
 
By the way, I saw that Ad-Aware was still installed even though we haven't used it for a while. I removed it today. I have the impression that the PC starts up a bit faster. In any case, shutting down is clearly faster!
Apart from that, I am of course curious what else I can do about it. (Other than formatting) :)
Regards, Diana
 
Hi, you are picky when it comes to expensive programs.
But not wanting to pay for them and using cracks instead is really not decent at all.
Besides, by doing so you are willingly opening a Pandora's box.

You may do the following:

ESET online scan (Click).
  • Click the ESET Online Scanner button
  • Tick YES, I accept the Terms of Use
  • Click Start
  • Allow the ActiveX control to install.
  • Tick the following options:
    • Remove found threats
    • Scan archives
  • Then click "Advanced Settings"
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • The computer is now being scanned. This can take quite a while, so be patient.
  • When the scan is finished, click > List of found threats
  • Then click > Export to text file....
  • Choose the Desktop as the save location and give the Notepad file a clear name.
  • After that you may close the window, because the scan is finished.
  • Then open the log that is on your desktop.
  • And copy and paste the contents of this log into your next post.
N.B.: temporarily disable your own antivirus during the scan; the online scan will then be faster!
 
You're right. I'll remove them right away. After that I'll carry out the instructions above.
 
Take a look at Paint.net.

This is a further development of Paint in Windows by an American university in cooperation with Microsoft.

[GOOGLE]paint.net nl[/GOOGLE]
 
This is the ESET log:


C:\Documents and Settings\Diana\Mijn documenten\zonealarm updates\zlsSetup_70_462_000_en.exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Documents and Settings\Diana\Mijn documenten\zonealarm updates\zlsSetup_70_470_000_en.exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Documents and Settings\Diana\Mijn documenten\zonealarm updates\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application deleted - quarantined
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\SDFix\backups\backups.zip a variant of Win32/Kryptik.CV trojan deleted - quarantined
C:\System Volume Information\_restore{9D6A5D11-6A40-4391-A924-D9D5644A43A9}\RP1315\A0317665.dll Win32/OpenCandy application cleaned by deleting - quarantined
F:\spelletjes\Monopoly\Monopoly.Here.And.Now.v1.0.7.110.rar a variant of Win32/HackTool.Patcher.A application deleted - quarantined
F:\spelletjes\Fable 3\Fable 3\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined

Regards,
Diana
 
Run the ComboFix scan again.

After starting ComboFix, a message may appear:

- either ComboFix wants to be updated;
- or ComboFix wants to be downloaded again.

If you get such a message, then do that as well.

Post the contents of the log again via the colour coder.
 
After a busy working week, here finally is the ComboFix log.
The PC already starts up considerably faster and also shuts down much faster!

[hjt]
combofix 11-10-21.05 - diana 21-10-2011 22:20:18.3.1 - x86
microsoft windows xp home edition 5.1.2600.3.1252.31.1043.18.958.609 [gmt 2:00]
gestart vanuit: c:\documents and settings\diana\bureaublad\combofix.exe
av: avast! antivirus *disabled/updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
fw: zonealarm firewall *disabled* {829bda32-94b3-44f4-8446-f8fcff809f8b}
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\isrs-000.tmp
.
.
(((((((((((((((((((( bestanden gemaakt van 2011-09-21 to 2011-10-21 ))))))))))))))))))))))))))))))
.
.
2011-10-21 19:42 . 2011-10-21 19:42 -------- d-----w- c:\program files\common files\java
2011-10-15 12:26 . 2011-10-15 12:42 -------- dc----w- c:\lop sd
2011-10-13 21:55 . 2011-10-13 21:55 388096 ----a-r- c:\documents and settings\diana\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\hijackthis.exe
2011-10-13 19:35 . 2011-10-21 17:11 -------- d--h--r- c:\documents and settings\diana\onlangs geopend
2011-10-09 22:16 . 2008-07-10 09:00 3851784 ----a-w- c:\windows\system32\d3dx9_39.dll
2011-10-09 22:13 . 2011-10-13 19:36 -------- d-----w- c:\windows\logs
2011-10-08 14:51 . 2011-10-08 14:51 -------- d-----w- c:\documents and settings\diana\application data\wendigostudios
2011-09-30 17:59 . 2011-10-07 15:31 -------- d-----w- c:\documents and settings\siep\local settings\application data\fileserve manager
2011-09-28 20:57 . 2011-09-28 20:57 -------- d-----w- c:\documents and settings\diana\application data\nevosoft
2011-09-28 20:50 . 2011-09-28 20:50 -------- dc----w- c:\zylom games
2011-09-26 12:32 . 2011-09-27 14:56 -------- d-----w- c:\documents and settings\diana\application data\friday's games
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 03:06 . 2011-02-28 15:33 472808 ----a-w- c:\windows\system32\deployjava1.dll
2011-10-03 00:37 . 2011-06-14 18:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-06-08 10:47 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-06-08 10:47 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-25 15:04 . 2011-05-16 20:33 404640 ----a-w- c:\windows\system32\flashplayercplapp.cpl
2011-09-09 09:12 . 2006-06-08 10:47 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-08-15 12:11 41184 ----a-w- c:\windows\avastss.scr
2011-09-06 20:45 . 2011-08-15 12:11 199304 ----a-w- c:\windows\system32\aswboot.exe
2011-09-06 20:38 . 2011-08-15 12:12 442200 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2011-09-06 20:37 . 2011-08-15 12:12 320856 ----a-w- c:\windows\system32\drivers\aswsp.sys
2011-09-06 20:36 . 2011-08-15 12:12 34392 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2011-09-06 20:36 . 2011-08-15 12:12 52568 ----a-w- c:\windows\system32\drivers\aswtdi.sys
2011-09-06 20:36 . 2011-08-15 12:12 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-08-15 12:12 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-08-15 12:12 20568 ----a-w- c:\windows\system32\drivers\aswfsblk.sys
2011-09-06 20:33 . 2011-08-15 12:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:09 . 2006-06-08 10:47 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 15:00 . 2011-04-06 08:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:41 . 2006-06-08 10:47 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-06-08 10:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-06-08 10:47 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:58 . 2006-06-08 10:47 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-06-08 10:47 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2006-11-15 15:02 . 2006-11-15 15:02 774144 -c--a-w- c:\program files\rnginterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083b0-c522-11cf-8763-00608cc02f24}"
[hkey_classes_root\clsid\{472083b0-c522-11cf-8763-00608cc02f24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\avast software\avast\ashshell.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext1]
@="{fb314ed9-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ed9-a251-47b7-93e1-cdd82e34af8b}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext2]
@="{fb314eda-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314eda-a251-47b7-93e1-cdd82e34af8b}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext3]
@="{fb314edb-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edb-a251-47b7-93e1-cdd82e34af8b}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext4]
@="{fb314edc-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edc-a251-47b7-93e1-cdd82e34af8b}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"lacie backup"=c:\program files\lacie\backup software\\laciebackup.exe [2006-07-06 2596864]
"wmpnscfg"=c:\program files\windows media player\wmpnscfg.exe [2006-11-02 204288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"raidtool"=c:\program files\via\raid\raid_tool.exe [2005-06-20 1056768]
"bluetoothauthenticationagent"="bthprops.cpl" [2008-04-14 110592]
"adobe reader speed launcher"=c:\program files\adobe\reader 9.0\reader\reader_sl.exe [2011-09-07 37296]
"adobe arm"=c:\program files\common files\adobe\arm\1.0\adobearm.exe [2011-03-30 937920]
"avast"=c:\program files\avast software\avast\avastui.exe [2011-09-06 3722416]
"quicktime task"=c:\program files\quicktime\qttask.exe [2011-07-05 421888]
"zonealarm client"=c:\program files\zone labs\zonealarm\zlclient.exe [2011-03-17 1043968]
"sunjavaupdatesched"=c:\program files\common files\java\java update\jusched.exe [2011-06-09 254696]
.
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe [2008-04-14 15360]
.
[hkey_local_machine\system\currentcontrolset\control\session manager]
bootexecute reg_multi_sz autocheck autochk *\0ssiefr.e
.
[hklm\~\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^adobe reader speed launch.lnk]
.
[hklm\~\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^tabuserw.lnk]
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe arm]
2011-03-30 04:59 937920 ----a-r- c:\program files\common files\adobe\arm\1.0\adobearm.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\adobe\reader 9.0\reader\reader_sl.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\hpdj taskbar utility]
2002-11-05 18:46 188416 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
2008-04-14 17:03 1695232 ------w- c:\program files\messenger\msmsgs.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\nerocheck.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\soundman]
2005-08-17 10:39 90112 -c--a-r- c:\windows\soundman.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\vttimer]
2005-03-07 19:33 53248 -c--a-r- c:\windows\system32\vttimer.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\vttrayp]
2005-03-11 09:33 147456 -c--a-r- c:\windows\system32\vttrayp.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\wmpnscfg]
2006-11-02 21:53 204288 ----a-w- c:\program files\windows media player\wmpnscfg.exe
.
[hkey_local_machine\software\microsoft\windows\currentversion\run-disabled]
"hp software update"=c:\program files\hp\hp software update\hpwuschd2.exe
"sunjavaupdatesched"=c:\program files\common files\java\java update\jusched.exe
.
[hkey_local_machine\software\microsoft\security center\monitoring\zonelabsfirewall]
"disablemonitoring"=dword:00000001
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\\system32\\sessmgr.exe=
c:\\program files\\ivt corporation\\bluesoleil\\bluesoleil.exe=
%windir%\\network diagnostic\\xpnetdiag.exe=
c:\\program files\\windows live\\messenger\\msnmsgr.exe=
c:\\program files\\windows live\\sync\\windowslivesync.exe=
c:\\documents and settings\\diana\\application data\\dropbox\\bin\\dropbox.exe=
c:\\windows\\system32\\zonelabs\\vsmon.exe=
.
r0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26-3-2008 12:00 716272]
r1 aswsnx;aswsnx;c:\windows\system32\drivers\aswsnx.sys [15-8-2011 14:12 442200]
r1 aswsp;aswsp;c:\windows\system32\drivers\aswsp.sys [15-8-2011 14:12 320856]
r2 aswfsblk;aswfsblk;c:\windows\system32\drivers\aswfsblk.sys [15-8-2011 14:12 20568]
s0 lbd;lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\lbd.sys [?]
s2 gupdate;google updateservice (gupdate);c:\program files\google\update\googleupdate.exe [13-4-2011 18:04 136176]
s3 fxdrv;fxdrv; [x]
s3 gupdatem;google update-service (gupdatem);c:\program files\google\update\googleupdate.exe [13-4-2011 18:04 136176]
s3 hitmanpro2;hitman pro 2 driver;c:\program files\hitman pro\hitmanpro2.sys [12-2-2007 10:52 10336]
s3 hitmanpro3;hitman pro 3 support driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
s3 psi;psi;c:\windows\system32\drivers\psi_mf.sys [1-9-2010 10:30 15544]
.
[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
getplushelper reg_multi_sz getplushelper
nosgetplushelper reg_multi_sz nosgetplushelper
.
inhoud van de 'gedeelde taken' map
.
2011-10-21 c:\windows\tasks\glaryinitialize.job
- c:\program files\glary utilities\initialize.exe [2010-09-20 07:07]
.
2011-10-21 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files\google\update\googleupdate.exe [2011-04-13 16:03]
.
2011-10-21 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files\google\update\googleupdate.exe [2011-04-13 16:03]
.
2011-10-17 c:\windows\tasks\googleupdatetaskusers-1-5-21-1643657994-656456579-2228755976-1006core.job
- c:\documents and settings\diana\local settings\application data\google\update\googleupdate.exe [2011-09-21 21:27]
.
2011-10-21 c:\windows\tasks\googleupdatetaskusers-1-5-21-1643657994-656456579-2228755976-1006ua.job
- c:\documents and settings\diana\local settings\application data\google\update\googleupdate.exe [2011-09-21 21:27]
.
2011-10-21 c:\windows\tasks\googleupdatetaskusers-1-5-21-1643657994-656456579-2228755976-1007core.job
- c:\documents and settings\siep\local settings\application data\google\update\googleupdate.exe [2011-09-27 21:27]
.
2011-10-21 c:\windows\tasks\googleupdatetaskusers-1-5-21-1643657994-656456579-2228755976-1007ua.job
- c:\documents and settings\siep\local settings\application data\google\update\googleupdate.exe [2011-09-27 21:27]
.
.
------- bijkomende scan -------
.
ustart page = hxxp://www.startpagina.nl/
uinternet connection wizard,shellnext = iexplore
tcp: dhcpnameserver = 10.0.0.1
dpf: {0dbf2423-33d3-4084-b83e-6a3661f2cd46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/imageuploader6.cab
dpf: {34dc6011-88b5-4ea9-ba7a-dc7b4f4437fe} - hxxp://fotoalbum.fotoquelle.nl/ips-opdata/objects/jordan.cab
dpf: {63d6dd13-c913-466d-9444-9357561e4d94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
dpf: {b7915d9f-6057-4153-be1b-8e234bd66980} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/imageuploader7.cab
.
.
**************************************************************************
.
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, [noparse]http://www.gmer.net[/noparse]
rootkit scan 2011-10-21 22:46
windows 5.1.2600 service pack 3 ntfs
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_users\s-1-5-21-1643657994-656456579-2228755976-1006\software\local appwizard-generated applications\via raid tool]
@dacl=(02 0000)
@sacl=
.
[hkey_users\s-1-5-21-1643657994-656456579-2228755976-1006\software\microsoft\mediaplayer\player\skins\res://wmploc/rt_text/mainappskin2.wsz]
@dacl=(02 0000)
@sacl=
"prefs"="mute;false;tracktimeformat;0"
.
[hkey_users\s-1-5-21-1643657994-656456579-2228755976-1006\software\microsoft\systemcertificates\addressbook*]
@allowed: (read) (restrictedcode)
@allowed: (read) (restrictedcode)
.
[hkey_local_machine\software\classes\applications\photosnapviewer.exe\shell]
@dacl=(02 0000)
@sacl=
@="open"
.
[hkey_local_machine\software\microsoft\advanced inf setup\iehomepageinfo\regbackup]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\mediaplayer\10.0]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\mediaplayer\services]
@dacl=(02 0000)
@sacl=
"noservices"=dword:00000000
.
[hkey_local_machine\software\microsoft\mediaplayer\settings]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\mediaplayer\uiplugins\{292ae934-4f49-40bb-9e7e-6f6398ed9c31}]
@dacl=(02 0000)
@sacl=
"friendlyname"="nero fast cd-burning plugin"
"description"="uw cd branden"
"capabilities"=dword:40000001
.
[hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\localsystem\components\•€|•€|•9~*]
"3140110900063d11c8ef10054038389c"="c?\\windows\\system32\\fm20enu.dll"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{077acec7-979c-40ab-9835-435ba1511e0d}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{077acec7-979c-40ab-9835-435ba1511e0d}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{077acec7-979c-40ab-9835-435ba1511e0d}\\mppre10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{077acec7-979c-40ab-9835-435ba1511e0d}\\mppre10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{30c7234b-6482-4a55-a11d-ecd9030313f2}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{30c7234b-6482-4a55-a11d-ecd9030313f2}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{30c7234b-6482-4a55-a11d-ecd9030313f2}\\wmdm10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{30c7234b-6482-4a55-a11d-ecd9030313f2}\\wmdm10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{3fdf25ee-e592-4495-8391-6e9c504dac2b}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{3fdf25ee-e592-4495-8391-6e9c504dac2b}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{3fdf25ee-e592-4495-8391-6e9c504dac2b}\\wmset10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{3fdf25ee-e592-4495-8391-6e9c504dac2b}\\wmset10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{60204bb3-7078-4f70-8f69-68297621941c}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{60204bb3-7078-4f70-8f69-68297621941c}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{60204bb3-7078-4f70-8f69-68297621941c}\\mpstub10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{60204bb3-7078-4f70-8f69-68297621941c}\\mpstub10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{981fb688-e76b-4246-987b-92083185b90a}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{981fb688-e76b-4246-987b-92083185b90a}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{981fb688-e76b-4246-987b-92083185b90a}\\wpd10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{981fb688-e76b-4246-987b-92083185b90a}\\wpd10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{a47b3654-48ee-48a5-b629-97d70175e58f}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{a47b3654-48ee-48a5-b629-97d70175e58f}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{a47b3654-48ee-48a5-b629-97d70175e58f}\\codecs10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{a47b3654-48ee-48a5-b629-97d70175e58f}\\codecs10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{aac1d942-0b38-4e37-9e4e-5b96a9dd2170}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{aac1d942-0b38-4e37-9e4e-5b96a9dd2170}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{aac1d942-0b38-4e37-9e4e-5b96a9dd2170}\\wmfsdk10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{aac1d942-0b38-4e37-9e4e-5b96a9dd2170}\\wmfsdk10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{c5b8fbe9-645e-4484-a7aa-e8da9a70dd77}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{c5b8fbe9-645e-4484-a7aa-e8da9a70dd77}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{c5b8fbe9-645e-4484-a7aa-e8da9a70dd77}\\drm10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{c5b8fbe9-645e-4484-a7aa-e8da9a70dd77}\\drm10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{cfb4b314-0328-45e1-94af-45a3f5f48e0b}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{cfb4b314-0328-45e1-94af-45a3f5f48e0b}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{cfb4b314-0328-45e1-94af-45a3f5f48e0b}\\mpcd10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{cfb4b314-0328-45e1-94af-45a3f5f48e0b}\\mpcd10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{dd90d410-1823-43eb-9a16-a2331bf08799}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{dd90d410-1823-43eb-9a16-a2331bf08799}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{dd90d410-1823-43eb-9a16-a2331bf08799}\\wmp10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{dd90d410-1823-43eb-9a16-a2331bf08799}\\wmp10.cat"
.
[hkey_local_machine\software\microsoft\windows media device manager\knowndeviceclasses]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\windows media device manager\knowndevices]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\windows media device manager\plugins\sp\neroburnplugin]
@dacl=(02 0000)
@sacl=
"progid"="mdneroburnplugin.mdneroburnplugin"
.
[hkey_local_machine\software\realtek semiconductor corp.\realtek ac'97 audio]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\realtek semiconductor corporation\realtek gigabit and fast ethernet nic driver]
@dacl=(02 0000)
@sacl=
.
voltooingstijd: 2011-10-21 22:55:09
combofix-quarantined-files.txt 2011-10-21 20:55
combofix2.txt 2011-10-14 17:11
.
pre-run: 36.924.403.712 bytes beschikbaar
post-run: 36.960.460.800 bytes beschikbaar
.
current=4 default=4 failed=2 lastknowngood=5 sets=2,3,4,5
- - end of file - - 4a5b71cb6f0d02dbe571e5f18217b1bd

[/hjt]
 
Hi Diana, go to Configuratiescherm\Software (Control Panel\Add or Remove Programs) and remove the following there:

- Hitman Pro 2
- Hitman Pro 3


Then restart your PC and run ComboFix again for a new scan.
Post the log again via the colour coder.
 
Hi Abraham54 :), there is no Hitman Pro at all in Control Panel/Software. Could it be somewhere else?

Regards,
Diana
 
Hello Diana, then we will use ComboFix to get Hitman Pro completely out of your Windows.

By the way, are you still using Windows Media Player 10?
Windows Media Player 11 is considered the best!


Do remove the old ComboFix first and then download the latest version!

Open a new Notepad file via "Start\Alle programmas\Bureau-accessoires\Kladblok" (Start\All Programs\Accessories\Notepad).


Copy and paste the following (bold, blue text) into the empty Notepad window


KILLALL::

File::
c:\windows\system32\drivers\hitmanpro3.sys

Folder::
c:\program files\hitman pro

Driver::
hitmanpro3



Save this Notepad file on your desktop as CFScript.txt.

Now first disable the antivirus!


Drag CFScript.txt onto ComboFix.exe



This will cause ComboFix to restart. Reboot if you are asked to.


Post the ComboFix log that is shown after the restart via the colour coder!
 
Here, finally, is the ComboFix log. The flu had knocked this household out, but we're back!

[hjt]
combofix 11-11-11.02 - diana 11-11-2011 11:45:18.4.1 - x86
microsoft windows xp home edition 5.1.2600.3.1252.31.1043.18.958.566 [gmt 1:00]
gestart vanuit: c:\documents and settings\diana\bureaublad\combofix.exe
gebruikte opdracht switches :: c:\documents and settings\diana\bureaublad\cfscript.txt..txt
av: avast! antivirus *disabled/updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
fw: zonealarm firewall *disabled* {829bda32-94b3-44f4-8446-f8fcff809f8b}
.
file ::
c:\windows\system32\drivers\hitmanpro3.sys
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\all users\application data\temp
c:\program files\hitman pro
c:\program files\hitman pro\controls.ini
c:\program files\hitman pro\hash.dll
c:\program files\hitman pro\hitmanpro2.sys
c:\program files\hitman pro\language.ini
c:\program files\hitman pro\logs\buynow.gif
c:\program files\hitman pro\logs\hitman_pro_2007-02-22_11-49-04.htm
c:\program files\hitman pro\logs\hitman_pro_2007-02-22_11-50-44.htm
c:\program files\hitman pro\logs\hitman_pro_2007-02-23_20-07-55.htm
c:\program files\hitman pro\logs\hitman_pro_2007-02-23_20-08-25.htm
c:\program files\hitman pro\logs\hitmanpro.jpg
c:\program files\hitman pro\prompt.exe
c:\program files\hitman pro\srhelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( drivers/services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\legacy_hitmanpro3
-------\service_hitmanpro3
-------\legacy_hitmanpro2
-------\legacy_hitmanpro2
-------\service_hitmanpro2
-------\service_hitmanpro2
.
.
(((((((((((((((((((( bestanden gemaakt van 2011-10-11 to 2011-11-11 ))))))))))))))))))))))))))))))
.
.
2011-11-09 15:09 . 2011-11-09 15:10 -------- d-----w- c:\program files\type expert junior
2011-11-07 17:43 . 2011-11-07 17:43 -------- d-----w- c:\documents and settings\diana\application data\dvdcss
2011-11-07 17:37 . 2011-11-07 17:45 -------- d-----w- c:\documents and settings\diana\application data\vlc
2011-10-21 19:42 . 2011-10-21 19:42 -------- d-----w- c:\program files\common files\java
2011-10-15 12:26 . 2011-10-15 12:42 -------- dc----w- c:\lop sd
2011-10-13 21:55 . 2011-10-13 21:55 388096 ----a-r- c:\documents and settings\diana\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\hijackthis.exe
2011-10-13 19:35 . 2011-11-11 10:35 -------- d--h--r- c:\documents and settings\diana\onlangs geopend
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2006-06-08 09:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 03:06 . 2011-02-28 15:33 472808 ----a-w- c:\windows\system32\deployjava1.dll
2011-10-03 00:37 . 2011-06-14 18:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-06-08 10:47 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-06-08 10:47 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-25 15:04 . 2011-05-16 20:33 404640 ----a-w- c:\windows\system32\flashplayercplapp.cpl
2011-09-09 09:12 . 2006-06-08 10:47 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-08-15 12:11 41184 ----a-w- c:\windows\avastss.scr
2011-09-06 20:45 . 2011-08-15 12:11 199304 ----a-w- c:\windows\system32\aswboot.exe
2011-09-06 20:38 . 2011-08-15 12:12 442200 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2011-09-06 20:37 . 2011-08-15 12:12 320856 ----a-w- c:\windows\system32\drivers\aswsp.sys
2011-09-06 20:36 . 2011-08-15 12:12 34392 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2011-09-06 20:36 . 2011-08-15 12:12 52568 ----a-w- c:\windows\system32\drivers\aswtdi.sys
2011-09-06 20:36 . 2011-08-15 12:12 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-08-15 12:12 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-08-15 12:12 20568 ----a-w- c:\windows\system32\drivers\aswfsblk.sys
2011-09-06 20:33 . 2011-08-15 12:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:09 . 2006-06-08 10:47 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 15:00 . 2011-04-06 08:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:41 . 2006-06-08 10:47 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-06-08 10:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-06-08 10:47 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:58 . 2006-06-08 10:47 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-06-08 10:47 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2006-11-15 15:02 . 2006-11-15 15:02 774144 -c--a-w- c:\program files\rnginterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083b0-c522-11cf-8763-00608cc02f24}"
[hkey_classes_root\clsid\{472083b0-c522-11cf-8763-00608cc02f24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\avast software\avast\ashshell.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext1]
@="{fb314ed9-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ed9-a251-47b7-93e1-cdd82e34af8b}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext2]
@="{fb314eda-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314eda-a251-47b7-93e1-cdd82e34af8b}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext3]
@="{fb314edb-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edb-a251-47b7-93e1-cdd82e34af8b}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext4]
@="{fb314edc-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edc-a251-47b7-93e1-cdd82e34af8b}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"lacie backup"=c:\program files\lacie\backup software\\laciebackup.exe [2006-07-06 2596864]
"wmpnscfg"=c:\program files\windows media player\wmpnscfg.exe [2009-02-04 204288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"raidtool"=c:\program files\via\raid\raid_tool.exe [2005-06-20 1056768]
"bluetoothauthenticationagent"="bthprops.cpl" [2008-04-14 110592]
"adobe reader speed launcher"=c:\program files\adobe\reader 9.0\reader\reader_sl.exe [2011-09-07 37296]
"adobe arm"=c:\program files\common files\adobe\arm\1.0\adobearm.exe [2011-03-30 937920]
"avast"=c:\program files\avast software\avast\avastui.exe [2011-09-06 3722416]
"quicktime task"=c:\program files\quicktime\qttask.exe [2011-07-05 421888]
"zonealarm client"=c:\program files\zone labs\zonealarm\zlclient.exe [2011-03-17 1043968]
"sunjavaupdatesched"=c:\program files\common files\java\java update\jusched.exe [2011-06-09 254696]
.
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe [2008-04-14 15360]
.
[hkey_local_machine\system\currentcontrolset\control\session manager]
bootexecute reg_multi_sz autocheck autochk *\0ssiefr.e
.
[hklm\~\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^adobe reader speed launch.lnk]
.
[hklm\~\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^tabuserw.lnk]
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe arm]
2011-03-30 04:59 937920 ----a-r- c:\program files\common files\adobe\arm\1.0\adobearm.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\adobe\reader 9.0\reader\reader_sl.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\hpdj taskbar utility]
2002-11-05 18:46 188416 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
2008-04-14 17:03 1695232 ------w- c:\program files\messenger\msmsgs.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\nerocheck.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\soundman]
2005-08-17 10:39 90112 -c--a-r- c:\windows\soundman.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\vttimer]
2005-03-07 19:33 53248 -c--a-r- c:\windows\system32\vttimer.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\vttrayp]
2005-03-11 09:33 147456 -c--a-r- c:\windows\system32\vttrayp.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\wmpnscfg]
2009-02-04 13:15 204288 ----a-w- c:\program files\windows media player\wmpnscfg.exe
.
[hkey_local_machine\software\microsoft\windows\currentversion\run-disabled]
"hp software update"=c:\program files\hp\hp software update\hpwuschd2.exe
"sunjavaupdatesched"=c:\program files\common files\java\java update\jusched.exe
.
[hkey_local_machine\software\microsoft\security center\monitoring\zonelabsfirewall]
"disablemonitoring"=dword:00000001
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\\system32\\sessmgr.exe=
c:\\program files\\ivt corporation\\bluesoleil\\bluesoleil.exe=
%windir%\\network diagnostic\\xpnetdiag.exe=
c:\\program files\\windows live\\messenger\\msnmsgr.exe=
c:\\program files\\windows live\\sync\\windowslivesync.exe=
c:\\documents and settings\\diana\\application data\\dropbox\\bin\\dropbox.exe=
c:\\windows\\system32\\zonelabs\\vsmon.exe=
.
r0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26-3-2008 11:00 716272]
r1 aswsnx;aswsnx;c:\windows\system32\drivers\aswsnx.sys [15-8-2011 13:12 442200]
r1 aswsp;aswsp;c:\windows\system32\drivers\aswsp.sys [15-8-2011 13:12 320856]
r2 aswfsblk;aswfsblk;c:\windows\system32\drivers\aswfsblk.sys [15-8-2011 13:12 20568]
r2 secunia update agent;secunia update agent;c:\program files\secunia\psi\sua.exe [19-4-2011 7:44 399416]
s0 lbd;lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\lbd.sys [?]
s2 gupdate;google updateservice (gupdate);c:\program files\google\update\googleupdate.exe [13-4-2011 17:04 136176]
s3 fxdrv;fxdrv; [x]
s3 gupdatem;google update-service (gupdatem);c:\program files\google\update\googleupdate.exe [13-4-2011 17:04 136176]
s3 nosgetplushelper;getplus(r) helper 3004;c:\windows\system32\svchost.exe -k nosgetplushelper [8-6-2006 11:47 14336]
s3 psi;psi;c:\windows\system32\drivers\psi_mf.sys [1-9-2010 9:30 15544]
s3 secunia psi agent;secunia psi agent;c:\program files\secunia\psi\psia.exe [19-4-2011 7:44 993848]
.
[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
getplushelper reg_multi_sz getplushelper
nosgetplushelper reg_multi_sz nosgetplushelper
.
inhoud van de 'gedeelde taken' map
.
2011-11-11 c:\windows\tasks\glaryinitialize.job
- c:\program files\glary utilities\initialize.exe [2010-09-20 07:07]
.
2011-11-11 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files\google\update\googleupdate.exe [2011-04-13 16:03]
.
2011-11-11 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files\google\update\googleupdate.exe [2011-04-13 16:03]
.
2011-11-08 c:\windows\tasks\googleupdatetaskusers-1-5-21-1643657994-656456579-2228755976-1006core.job
- c:\documents and settings\diana\local settings\application data\google\update\googleupdate.exe [2011-09-21 21:27]
.
2011-11-11 c:\windows\tasks\googleupdatetaskusers-1-5-21-1643657994-656456579-2228755976-1006ua.job
- c:\documents and settings\diana\local settings\application data\google\update\googleupdate.exe [2011-09-21 21:27]
.
2011-11-02 c:\windows\tasks\googleupdatetaskusers-1-5-21-1643657994-656456579-2228755976-1007core.job
- c:\documents and settings\siep\local settings\application data\google\update\googleupdate.exe [2011-09-27 21:27]
.
2011-11-11 c:\windows\tasks\googleupdatetaskusers-1-5-21-1643657994-656456579-2228755976-1007ua.job
- c:\documents and settings\siep\local settings\application data\google\update\googleupdate.exe [2011-09-27 21:27]
.
.
------- bijkomende scan -------
.
ustart page = hxxp://www.startpagina.nl/
uinternet connection wizard,shellnext = iexplore
tcp: dhcpnameserver = 10.0.0.1
dpf: {0dbf2423-33d3-4084-b83e-6a3661f2cd46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/imageuploader6.cab
dpf: {34dc6011-88b5-4ea9-ba7a-dc7b4f4437fe} - hxxp://fotoalbum.fotoquelle.nl/ips-opdata/objects/jordan.cab
dpf: {63d6dd13-c913-466d-9444-9357561e4d94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
dpf: {b7915d9f-6057-4153-be1b-8e234bd66980} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma7.0.23/imageuploader7.cab
.
.
**************************************************************************
.
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
rootkit scan 2011-11-11 12:18
windows 5.1.2600 service pack 3 ntfs
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_users\s-1-5-21-1643657994-656456579-2228755976-1006\software\local appwizard-generated applications\via raid tool]
@dacl=(02 0000)
@sacl=
.
[hkey_users\s-1-5-21-1643657994-656456579-2228755976-1006\software\microsoft\mediaplayer\player\skins\res://wmploc/rt_text/mainappskin2.wsz]
@dacl=(02 0000)
@sacl=
"prefs"="mute;false;tracktimeformat;0"
.
[hkey_users\s-1-5-21-1643657994-656456579-2228755976-1006\software\microsoft\systemcertificates\addressbook*]
@allowed: (read) (restrictedcode)
@allowed: (read) (restrictedcode)
.
[hkey_local_machine\software\classes\applications\photosnapviewer.exe\shell]
@dacl=(02 0000)
@sacl=
@="open"
.
[hkey_local_machine\software\microsoft\advanced inf setup\iehomepageinfo\regbackup]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\mediaplayer\10.0]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\mediaplayer\services]
@dacl=(02 0000)
@sacl=
"noservices"=dword:00000000
.
[hkey_local_machine\software\microsoft\mediaplayer\settings]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\mediaplayer\uiplugins\{292ae934-4f49-40bb-9e7e-6f6398ed9c31}]
@dacl=(02 0000)
@sacl=
"friendlyname"="nero fast cd-burning plugin"
"description"="uw cd branden"
"capabilities"=dword:40000001
.
[hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\localsystem\components\||9~*]
"3140110900063d11c8ef10054038389c"="c?\\windows\\system32\\fm20enu.dll"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{077acec7-979c-40ab-9835-435ba1511e0d}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{077acec7-979c-40ab-9835-435ba1511e0d}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{077acec7-979c-40ab-9835-435ba1511e0d}\\mppre10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{077acec7-979c-40ab-9835-435ba1511e0d}\\mppre10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{30c7234b-6482-4a55-a11d-ecd9030313f2}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{30c7234b-6482-4a55-a11d-ecd9030313f2}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{30c7234b-6482-4a55-a11d-ecd9030313f2}\\wmdm10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{30c7234b-6482-4a55-a11d-ecd9030313f2}\\wmdm10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{3fdf25ee-e592-4495-8391-6e9c504dac2b}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{3fdf25ee-e592-4495-8391-6e9c504dac2b}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{3fdf25ee-e592-4495-8391-6e9c504dac2b}\\wmset10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{3fdf25ee-e592-4495-8391-6e9c504dac2b}\\wmset10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{60204bb3-7078-4f70-8f69-68297621941c}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{60204bb3-7078-4f70-8f69-68297621941c}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{60204bb3-7078-4f70-8f69-68297621941c}\\mpstub10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{60204bb3-7078-4f70-8f69-68297621941c}\\mpstub10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{981fb688-e76b-4246-987b-92083185b90a}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{981fb688-e76b-4246-987b-92083185b90a}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{981fb688-e76b-4246-987b-92083185b90a}\\wpd10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{981fb688-e76b-4246-987b-92083185b90a}\\wpd10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{a47b3654-48ee-48a5-b629-97d70175e58f}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{a47b3654-48ee-48a5-b629-97d70175e58f}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{a47b3654-48ee-48a5-b629-97d70175e58f}\\codecs10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{a47b3654-48ee-48a5-b629-97d70175e58f}\\codecs10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{aac1d942-0b38-4e37-9e4e-5b96a9dd2170}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{aac1d942-0b38-4e37-9e4e-5b96a9dd2170}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{aac1d942-0b38-4e37-9e4e-5b96a9dd2170}\\wmfsdk10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{aac1d942-0b38-4e37-9e4e-5b96a9dd2170}\\wmfsdk10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{c5b8fbe9-645e-4484-a7aa-e8da9a70dd77}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{c5b8fbe9-645e-4484-a7aa-e8da9a70dd77}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{c5b8fbe9-645e-4484-a7aa-e8da9a70dd77}\\drm10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{c5b8fbe9-645e-4484-a7aa-e8da9a70dd77}\\drm10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{cfb4b314-0328-45e1-94af-45a3f5f48e0b}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{cfb4b314-0328-45e1-94af-45a3f5f48e0b}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{cfb4b314-0328-45e1-94af-45a3f5f48e0b}\\mpcd10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{cfb4b314-0328-45e1-94af-45a3f5f48e0b}\\mpcd10.cat"
.
[hkey_local_machine\software\microsoft\windows\currentversion\setup\exceptioncomponents\{dd90d410-1823-43eb-9a16-a2331bf08799}]
@dacl=(02 0000)
@sacl=
"friendlyname"="windows media files"
"componentguid"="{dd90d410-1823-43eb-9a16-a2331bf08799}"
"version"=dword:000a0000
"sub-version"=dword:00000eda
"exceptioninfname"=expand:c:\\windows\\registeredpackages\\{dd90d410-1823-43eb-9a16-a2331bf08799}\\wmp10.inf
"exceptioncatalogname"=expand:"c:\\windows\\registeredpackages\\{dd90d410-1823-43eb-9a16-a2331bf08799}\\wmp10.cat"
.
[hkey_local_machine\software\microsoft\windows media device manager\knowndeviceclasses]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\windows media device manager\knowndevices]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\microsoft\windows media device manager\plugins\sp\neroburnplugin]
@dacl=(02 0000)
@sacl=
"progid"="mdneroburnplugin.mdneroburnplugin"
.
[hkey_local_machine\software\realtek semiconductor corp.\realtek ac'97 audio]
@dacl=(02 0000)
@sacl=
.
[hkey_local_machine\software\realtek semiconductor corporation\realtek gigabit and fast ethernet nic driver]
@dacl=(02 0000)
@sacl=
.
--------------------- dlls geladen onder lopende processen ---------------------
.
- - - - - - - > 'explorer.exe'(2704)
c:\documents and settings\diana\application data\dropbox\bin\dropboxext.14.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
.
------------------------ andere aktieve processen ------------------------
.
c:\program files\avast software\avast\avastsvc.exe
c:\program files\ivt corporation\bluesoleil\btntservice.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\windows\system32\hpzipm12.exe
c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
c:\windows\system32\rundll32.exe
c:\program files\lacie\backup software\laciebackup.exe
c:\program files\windows media player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\avast software\avast\setup\avast.setup
.
**************************************************************************
.
voltooingstijd: 2011-11-11 12:29:24 - machine werd herstart
combofix-quarantined-files.txt 2011-11-11 11:29
combofix2.txt 2011-10-21 20:55
combofix3.txt 2011-10-14 17:11
.
pre-run: 36.653.899.776 bytes beschikbaar
post-run: 36.640.624.640 bytes beschikbaar
.
- - end of file - - f640e764538af64116bbaf6ff761d3ab

[/hjt]
 