I have the impression that the lines were not removed in HJT; I got a small window that, I think, said I had to do it in a different way.
My English is not very good, so if it did not go well, could you perhaps explain it to me?
ComboFix 09-03-10.03 - Gebruiker 2009-03-11 19:41:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2045.1235
Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\vlc-0.9.4-win32.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-02-11 to 2009-03-11 ))))))))))))))))))))))))))))))
.
2009-03-11 15:19 . 2009-03-11 15:19 d——– c:\program files\CleanUp!
2009-03-11 13:34 . 2009-03-11 13:34 0 –ah—– c:\users\Default.LOG2
2009-03-11 13:34 . 2009-03-11 13:34 0 –ah—– c:\users\Default.LOG1
2009-03-11 13:34 . 2009-03-11 13:34 0 –ah—– C:\ProgramData.LOG2
2009-03-11 13:34 . 2009-03-11 13:34 0 –ah—– C:\ProgramData.LOG1
2009-03-11 12:37 . 2009-03-11 12:37 d——– c:\program files\MSSOAP
2009-03-11 12:33 . 2009-03-11 12:33 164 –a—— c:\windows\install.dat
2009-03-11 09:01 . 2009-03-11 08:10 15,688 –a—— c:\windows\System32\lsdelete.exe
2009-03-11 08:11 . 2009-03-11 08:10 64,160 –a—— c:\windows\System32\drivers\Lbd.sys
2009-03-11 08:10 . 2009-03-11 08:10 d–h-c— c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-11 08:10 . 2009-03-11 08:10 d–h-c— c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-11 08:10 . 2009-02-09 04:10 2,033,152 –a—— c:\windows\System32\win32k.sys
2009-03-11 08:10 . 2008-11-27 05:43 268,288 –a—— c:\windows\System32\schannel.dll
2009-03-05 14:10 . 2009-03-05 14:16 d——– c:\users\Gebruiker\AppData\Roaming\WeatherWatcherLive
2009-03-05 14:10 . 2009-03-05 14:10 d——– c:\users\Gebruiker\AppData\Roaming\WeatherWatcher
2009-03-05 14:10 . 2004-05-27 01:32 102,400 –a—— c:\windows\System32\unzip32.dll
2009-03-04 12:43 . 2009-03-04 12:43 d——– c:\program files\FormatFactory
2009-03-01 13:01 . 2009-03-01 13:01 d——– c:\users\Gebruiker\AppData\Roaming\Desktopicon
2009-03-01 13:01 . 2009-03-01 13:01 d——– c:\program files\VDOWNLOADER
2009-02-28 13:14 . 2002-01-05 14:37 344,064 –a—— c:\windows\System32\msvcr70.dll
2009-02-28 13:13 . 2009-02-28 13:43 d——– c:\program files\Common Files\DVDVideoSoft
2009-02-28 11:47 . 2009-02-28 11:47 d——– c:\program files\Common Files\xing shared
2009-02-26 10:34 . 2009-02-26 10:34 d——– c:\program files\XnView
2009-02-25 11:59 . 2008-12-16 04:29 8,147,456 –a—— c:\windows\System32\wmploc.DLL
2009-02-25 11:59 . 2008-12-16 06:31 7,680 –a—— c:\windows\System32\spwmp.dll
2009-02-25 11:59 . 2008-12-16 06:31 4,096 –a—— c:\windows\System32\msdxm.ocx
2009-02-25 11:59 . 2008-12-16 06:31 4,096 –a—— c:\windows\System32\dxmasf.dll
2009-02-25 11:38 . 2009-02-25 11:38 d——– c:\program files\Common Files\Wise Installation Wizard
2009-02-23 20:00 . 2009-02-25 11:39 d——– c:\users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com
2009-02-23 20:00 . 2009-02-23 20:00 d——– c:\users\All Users\SUPERAntiSpyware.com
2009-02-23 20:00 . 2009-02-23 20:00 d——– c:\programdata\SUPERAntiSpyware.com
2009-02-23 20:00 . 2009-02-25 11:39 d——– c:\program files\SUPERAntiSpyware
2009-02-22 09:32 . 2009-02-22 09:32 d——– c:\program files\BackRex Internet Explorer Backup
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 14:29 ——— d—–w c:\program files\Malwarebytes' Anti-Malware
2009-03-11 14:26 ——— d—–w c:\program files\Trend Micro
2009-03-11 11:42 13,213 —-a-w c:\users\Gebruiker\AppData\Roaming\nvModes.dat
2009-03-11 10:58 ——— d—–w c:\program files\Windows Mail
2009-03-11 07:09 ——— d—–w c:\programdata\Lavasoft
2009-03-11 07:09 ——— d—–w c:\program files\Lavasoft
2009-03-10 19:58 ——— d—–w c:\programdata\Spybot - Search & Destroy
2009-03-10 19:53 ——— d—a-w c:\programdata\TEMP
2009-03-10 19:53 ——— d—–w c:\program files\SpywareBlaster
2009-03-04 21:41 ——— d—–w c:\program files\PhotoScape
2009-03-04 10:41 ——— d—–w c:\programdata\avg8
2009-02-28 19:40 ——— d—–w c:\users\Gebruiker\AppData\Roaming\TAC
2009-02-28 10:47 ——— d—–w c:\program files\Common Files\Real
2009-02-26 16:39 ——— d—–w c:\users\Gebruiker\AppData\Roaming\XnView
2009-02-26 16:39 ——— d—–w c:\program files\TAC
2009-02-26 09:19 ——— d—–w c:\program files\Common Files\Adobe AIR
2009-02-26 09:11 ——— d—–w c:\program files\Microsoft Silverlight
2009-02-25 10:56 ——— d—–w c:\program files\Spybot - Search & Destroy
2009-02-11 09:19 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 13:55 410,984 —-a-w c:\windows\System32\deploytk.dll
2009-02-10 13:55 ——— d—–w c:\program files\Java
2009-02-10 08:45 ——— d—–w c:\program files\Google
2009-02-09 12:37 ——— d–h–w c:\program files\InstallShield Installation Information
2009-02-08 09:11 ——— d—–w c:\users\Gebruiker\AppData\Roaming\Leadertech
2009-02-08 09:11 ——— d—–w c:\program files\Common Files\Adobe
2009-01-30 17:12 325,128 —-a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 17:12 107,272 —-a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-30 17:12 10,520 —-a-w c:\windows\System32\avgrsstx.dll
2009-01-27 20:28 ——— d—–w c:\program files\Microsoft
2009-01-27 18:32 ——— d—–w c:\program files\Common Files\InstallShield
2009-01-27 18:27 ——— d—–w c:\programdata\UDL
2009-01-27 18:24 ——— d—–w c:\program files\epson
2009-01-24 10:06 413,696 —-a-w c:\windows\System32\wrap_oal.dll
2009-01-24 10:06 110,592 —-a-w c:\windows\System32\OpenAL32.dll
2009-01-24 10:06 ——— d—–w c:\program files\OpenAL
2009-01-22 13:29 ——— d—–w c:\users\Gebruiker\AppData\Roaming\IrfanView
2009-01-22 11:38 ——— d—–w c:\programdata\TVU Networks
2009-01-22 11:38 ——— d—–w c:\program files\TVUPlayer
2009-01-15 17:57 ——— d—–w c:\users\Gebruiker\AppData\Roaming\FileZilla
2009-01-15 17:19 ——— d—–w c:\program files\DivX
2009-01-15 17:11 ——— d—–w c:\program files\CCleaner
2009-01-15 06:11 827,392 —-a-w c:\windows\System32\wininet.dll
2008-12-11 00:33 86,016 —-a-w c:\windows\System32\dpl100.dll
2008-12-11 00:33 200,704 —-a-w c:\windows\System32\dtu100.dll
2008-04-16 21:49 174 –sha-w c:\program files\desktop.ini
2008-11-03 15:26 16,384 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-03 15:26 32,768 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-03 15:26 16,384 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”
“ehTray.exe”=“c:\windows\ehome\ehTray.exe”
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“AutoSizer”=“c:\program files\AutoSizer\AutoSizer.exe”
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe”
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”
“SynTPStart”=“c:\program files\Synaptics\SynTP\SynTPStart.exe”
“MSConfig”=“c:\windows\system32\msconfig.exe”
“NvSvc”=“c:\windows\system32\nvsvc.dll”
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll”
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll”
“AVG8_TRAY”=“c:\progra~1\AVG\AVG8\avgtray.exe”
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe”
“TkBellExe”=“c:\program files\Common Files\Real\Update_OB\realsched.exe”
“Ad-Watch”=“c:\program files\Lavasoft\Ad-Aware\AAWTray.exe”
“RtHDVCpl”=“RtHDVCpl.exe”
c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
“EnableUIADesktopToggle”= 0 (0x0)
“NoResolveTrack”= 1 (0x1)
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL”
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
“AppInit_DLLs”=avgrsstx.dll
“msacm.dvacm”= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
“msacm.divxa32”= divxa32.acm
@=“Service”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
–a—— 2007-01-17 13:46 534648 c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
–a—— 2009-03-11 08:10 515416 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
–a—— 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
–a—— 2006-12-23 17:05 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
–a—— 2007-02-13 09:30 405504 c:\program files\Camera Assistant Software for Toshiba\traybar.exe
–a—— 2007-01-19 13:25 1507328 c:\program files\IDM\Desktop SMS\DesktopSMS.exe
–a—— 2008-07-03 18:08 137216 c:\program files\filehippo.com\UpdateChecker.exe
–a—— 2006-12-07 16:49 55416 c:\program files\TOSHIBA\TBS\HSON.exe
–a—— 2006-11-01 08:06 413696 c:\program files\TOSHIBA\Utilities\HWSetup.exe
–a—— 2006-11-06 17:14 34352 c:\program files\TOSHIBA\Utilities\KeNotify.exe
–a—— 2009-02-11 10:19 1273488 c:\program files\Malwarebytes' Anti-Malware\mbam.exe
–a—— 2006-01-12 14:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
–a—— 2007-02-06 14:21 509496 c:\program files\TOSHIBA\SmoothView\SmoothView.exe
–a—— 2009-02-17 11:43 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
–a—— 2006-03-22 21:42 438272 c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe
–a—— 2009-02-28 11:46 198160 c:\program files\Common Files\Real\Update_OB\realsched.exe
–a—— 2007-03-02 14:10 577536 c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
–a—— 2007-02-19 15:00 571024 c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
–a—— 2006-12-19 23:16 411768 c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
“DisableMonitoring”=dword:00000001
“DisableMonitoring”=dword:00000001
“DisableMonitoring”=dword:00000001
“TCP Query User{7A78BFFB-B1EC-4FE2-A39D-618CB183F04A}c:\\program files\\windows sidebar\\sidebar.exe”= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
“UDP Query User{4070EAB6-5EB2-4674-97FC-A3D1C87A74D7}c:\\program files\\windows sidebar\\sidebar.exe”= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
“{86D672FD-398B-4E4C-91A2-2C23C5A3A700}”= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
“{52B1CAD8-7FB1-4B0B-A784-CCD64D5074DD}”= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
“TCP Query User{9D17AD5E-C19B-4974-B526-89E8B3B73CCC}c:\\program files\\internet explorer\\iexplore.exe”= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
“UDP Query User{75AC074C-DD10-45D8-BC2C-AAAABB0A2703}c:\\program files\\internet explorer\\iexplore.exe”= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
“TCP Query User{AF2B8036-9844-4E34-8775-A95A81623EB1}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe”= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
“UDP Query User{59FAEB16-3042-47BF-81B4-AD8A8F42D504}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe”= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
“TCP Query User{719392CD-CA11-4362-9DF8-03FCBC9E914B}c:\\program files\\tvuplayer\\tvuplayer.exe”= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
“UDP Query User{E40ABCBD-82A1-4897-B226-3F9161251DC7}c:\\program files\\tvuplayer\\tvuplayer.exe”= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
“TCP Query User{59AB937F-2C62-4D77-98E9-52D60C419152}c:\\program files\\sopcast\\sopcast.exe”= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
“UDP Query User{CF746A25-97B7-4861-B5C0-49C83495C65B}c:\\program files\\sopcast\\sopcast.exe”= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
“TCP Query User{85FABEB2-3614-4777-9581-095132ECA55B}c:\\program files\\sopcast\\adv\\sopadver.exe”= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
“UDP Query User{D293941D-9AEE-44B1-B463-2192EC790587}c:\\program files\\sopcast\\adv\\sopadver.exe”= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
“TCP Query User{0DED060B-BD45-4307-BBA9-6C74BF403BA7}c:\\program files\\tvants\\tvants.exe”= UDP:c:\program files\tvants\tvants.exe:TVAnts
“UDP Query User{C4DE136E-C646-46D4-A1B4-AE71A8DE939C}c:\\program files\\tvants\\tvants.exe”= TCP:c:\program files\tvants\tvants.exe:TVAnts
“TCP Query User{EAFAAC97-FED9-493D-862F-DA15461BD065}c:\\program files\\real\\realplayer\\realplay.exe”= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
“UDP Query User{F69E2456-E329-4CF9-8D8A-968D87E40CA1}c:\\program files\\real\\realplayer\\realplay.exe”= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
“TCP Query User{7C70E0F0-4ED1-4843-8EEE-95AE54F5246A}c:\\program files\\internet explorer\\iexplore.exe”= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
“UDP Query User{441A06D8-118A-4DEE-BA2F-5D9CA005CEF3}c:\\program files\\internet explorer\\iexplore.exe”= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
“TCP Query User{3154B9D2-9122-475B-A068-67EDD463AA92}c:\\program files\\sopcast\\sopcast.exe”= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
“UDP Query User{8CC15E26-98F4-4179-99EE-F5E3192F0282}c:\\program files\\sopcast\\sopcast.exe”= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
“TCP Query User{9EEE8C1C-410B-4FAD-8C45-4E5F2B3DB578}c:\\program files\\tvuplayer\\tvuplayer.exe”= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
“UDP Query User{E2086401-2EF0-4861-BE36-46A4C942E7B6}c:\\program files\\tvuplayer\\tvuplayer.exe”= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
“{6A365748-2E47-4BA8-B88D-5E4147D99C09}”= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
“{A7354F60-C590-44FF-9307-C75A7E3AFC7B}”= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
“{CADC7CC3-4705-44D4-8B3A-BF9215728AC7}”= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS
.
Inhoud van de ‘Gedeelde Taken’ map
2009-03-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
2009-03-11 c:\windows\Tasks\AutoSmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
2009-03-11 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
- - - - ORPHANS VERWIJDERD - - - -
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
.
——- Bijkomende Scan ——-
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?NL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 19:43:11
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2009-03-11 19:45:24
ComboFix-quarantined-files.txt 2009-03-11 18:45:22
Pre-Run: 132.431.974.400 bytes beschikbaar
Post-Run: 132,764,078,080 bytes beschikbaar
259 — E O F — 2009-03-11 10:57:01
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:18, on 11-3-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: “%ProgramFiles%\Windows Defender\MSASCui.exe” -hide
O4 - HKLM\..\Run: “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”
O4 - HKLM\..\Run: “C:\Program Files\Synaptics\SynTP\SynTPStart.exe”
O4 - HKLM\..\Run: “C:\Windows\system32\msconfig.exe” /auto
O4 - HKLM\..\Run: “RUNDLL32.EXE” C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: “RUNDLL32.EXE” C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: “RUNDLL32.EXE” C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: “RtHDVCpl.exe”
O4 - HKLM\..\Run: “C:\PROGRA~1\AVG\AVG8\avgtray.exe”
O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM\..\Run: “C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe”
O4 - HKCU\..\Run: “C:\Program Files\Windows Sidebar\sidebar.exe” /autoRun
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: “C:\Program Files\AutoSizer\AutoSizer.exe”
O4 - HKCU\..\Run: “C:\Program Files\Windows Media Player\WMPNSCFG.exe”
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?NL (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
–
End of file - 8507 bytes
Malwarebytes' Anti-Malware 1.34
Database versie: 1835
Windows 6.0.6001 Service Pack 1
11-3-2009 19:53:37
mbam-log-2009-03-11 (19-53-37).txt
Scan type: Snelle Scan
Objecten gescand: 57831
Verstreken tijd: 3 minute(s), 10 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)