Live Jasmin

  • Kef

    Dear all,

    For a while now I have had a problem with my laptop.

    After the laptop starts up, a window appears

    showing undressed ladies.

    It is my school laptop, and of course it is not very nice when this keeps appearing on screen..

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:16:13, on 17-9-2010

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v8.00 (8.00.6001.18943)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe

    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    C:\Program Files\Launch Manager\LManager.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\AVG\AVG9\avgtray.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Users\Kevin\AppData\Local\Temp\RtkBtMnt.exe

    C:\Users\Kevin\AppData\Roaming\T-Mobile Internet Manager\ouc.exe

    C:\Windows\system32\igfxext.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\wuauclt.exe

    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0413&s=2&o=vb32&d=1109&m=e725

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0413&s=2&o=vb32&d=1109&m=e725

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0413&s=2&o=vb32&d=1109&m=e725

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0413&s=2&o=vb32&d=1109&m=e725

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe

    O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\LManager.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: C:\PROGRA~1\AVG\AVG9\avgtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKCU\..\Run: “C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe”

    O4 - HKCU\..\Run: “C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe” /c

    O4 - HKCU\..\Run: C:\Windows\system32\timesync.exe

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-NL/wlscctrl2.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

    O20 - AppInit_DLLs: avgrsstx.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe

    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

    End of file - 8953 bytes

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Databaseversie: 4640

    Windows 6.0.6001 Service Pack 1

    Internet Explorer 8.0.6001.18943

    17-9-2010 21:13:37

    mbam-log-2010-09-17 (21-13-37).txt

    Scantype: Snelle scan

    Objecten gescand: 137829

    Verstreken tijd: 6 minuut/minuten, 48 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    I hope you can help me get rid of it,

    it is quite irritating, you see.

    Kind regards,

    Kef

  • fazantje

    Hi Kevin,

    I also asked you to tell me what you had already done to try to remove it.

    I saw you had also run a scan with: Windows Live OneCare.

    What was the result of that :S

    Regards, Huib :)

  • Kef

    Dear Huib,

    The Windows Live OneCare scan returned no results,

    it reported that there were no problems.

    I saw that in Application Data\Macromedia\Flash Player there was a folder

    named livejasmin. I deleted it, but it made no difference.

    Mbam, AVG scans + deleting temporary internet files, cache and cookies

    have not led to anything either.

    I didn't really dare to run Combofix, but I am doing it now after all.

    (I saw it in one of your other replies in the other topic)

    Regards, Kef

  • Kef

    Ran Combofix.

    Combofix Log + HijackThis Log

    I can't read this.

    I'm sure you can.

    ComboFix 10-09-16.07 - Kevin 17-09-2010 21:53:53.1.2 - x86

    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.31.1043.18.3001.2128

    Gestart vanuit: c:\users\Kevin\Downloads\ComboFix.exe

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\box.exe

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-08-17 to 2010-09-17 ))))))))))))))))))))))))))))))

    .

    2010-09-16 17:52 . 2010-09-16 17:52 65536 ----a-w- c:\windows\system32\timeset.exe

    2010-09-16 17:52 . 2010-09-16 17:52 65536 ----a-w- c:\windows\system32\timeset.bin

    2010-09-16 17:46 . 2010-09-16 17:49 -------- d-----w- c:\program files\SpywareBlaster

    2010-09-16 14:50 . 2010-09-16 14:50 388096 ----a-r- c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2010-09-16 14:50 . 2010-09-16 14:50 -------- d-----w- c:\program files\Trend Micro

    2010-09-14 09:33 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe

    2010-09-13 07:41 . 2010-09-13 07:41 -------- d-----w- c:\programdata\SQL Anywhere 10

    2010-09-13 07:40 . 2010-09-13 07:40 -------- d-----w- c:\program files\King

    2010-09-05 18:37 . 2010-09-05 18:37 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-08-26 06:22 . 2010-08-26 06:22 -------- d-----w- c:\program files\CCleaner

    2010-08-20 05:58 . 2010-08-20 05:58 -------- d-----w- c:\program files\DAEMON Tools Lite

    2010-08-19 20:33 . 2010-08-19 20:33 -------- d-----w- c:\program files\Electronic Arts

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-09-17 19:57 . 2008-01-21 05:45 667352 ----a-w- c:\windows\system32\perfh013.dat

    2010-09-17 19:57 . 2008-01-21 05:45 126854 ----a-w- c:\windows\system32\perfc013.dat

    2010-09-17 18:30 . 2010-07-22 10:44 -------- d-----w- c:\program files\Windows Live Safety Center

    2010-09-16 17:52 . 2010-07-22 10:31 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

    2010-09-14 08:17 . 2009-11-20 13:37 -------- d-----w- c:\users\Kevin\AppData\Roaming\GrabIt

    2010-09-13 15:17 . 2009-11-18 10:26 102520 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

    2010-09-13 15:00 . 2009-03-03 00:48 -------- d-----w- c:\programdata\Microsoft Help

    2010-08-30 17:16 . 2009-11-29 10:15 -------- d-----w- c:\users\Kevin\AppData\Roaming\EPSON

    2010-08-26 06:25 . 2010-08-04 23:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy

    2010-08-26 06:25 . 2010-05-23 20:30 -------- d-----w- c:\users\Kevin\AppData\Roaming\Media Player Classic

    2010-08-25 06:07 . 2009-11-30 15:45 -------- d-----w- c:\users\Kevin\AppData\Roaming\T-Mobile Internet Manager

    2010-08-20 05:58 . 2009-11-30 08:34 -------- d-----w- c:\users\Kevin\AppData\Roaming\DAEMON Tools Lite

    2010-08-16 03:10 . 2010-08-16 03:10 -------- d-----w- c:\programdata\WindowsSearch

    2010-08-15 20:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

    2010-08-04 23:58 . 2010-08-04 23:56 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2010-08-04 14:37 . 2010-08-04 10:46 -------- d-----w- c:\program files\Spyware Doctor

    2010-08-04 10:55 . 2010-08-04 10:46 -------- d-----w- c:\programdata\PC Tools

    2010-08-04 10:49 . 2010-08-04 10:46 -------- d-----w- c:\program files\Common Files\PC Tools

    2010-08-04 10:46 . 2010-08-04 10:46 -------- d-----w- c:\users\Kevin\AppData\Roaming\PC Tools

    2010-08-02 17:24 . 2010-08-02 17:24 -------- d-----w- c:\program files\CleanUp!

    2010-07-30 11:28 . 2010-07-30 11:01 -------- d-----w- c:\program files\StarCraft II

    2010-07-30 11:26 . 2010-07-30 11:26 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

    2010-07-30 11:26 . 2010-07-30 11:01 -------- d-----w- c:\programdata\Blizzard Entertainment

    2010-07-30 11:17 . 2010-07-29 22:58 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

    2010-07-22 10:30 . 2010-07-22 10:30 -------- d-----w- c:\programdata\Hitman Pro

    2010-07-22 10:30 . 2010-07-22 10:30 -------- d-----w- c:\program files\Hitman Pro 3.5

    2010-07-18 01:19 . 2010-06-03 16:11 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-07-18 01:19 . 2010-07-18 01:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-07-18 01:19 . 2010-06-03 16:11 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-06-26 06:05 . 2010-08-15 20:33 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-06-26 06:02 . 2010-08-15 20:33 71680 ----a-w- c:\windows\system32\iesetup.dll

    2010-06-26 06:02 . 2010-08-15 20:33 109056 ----a-w- c:\windows\system32\iesysprep.dll

    2010-06-26 04:25 . 2010-08-15 20:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe

    2010-06-21 13:18 . 2010-08-15 20:33 2036736 ----a-w- c:\windows\system32\win32k.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    “HW_OPENEYE_OUC_T-Mobile Internet Manager”=“c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe”

    “Google Update”=“c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe”

    “timesync.exe”=“c:\windows\system32\timesync.exe”

    “Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe”

    “Acer ePower Management”=“c:\program files\eMachines\eMachines Power Management\ePowerTray.exe”

    “RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe”

    “LManager”=“c:\progra~1\LAUNCH~1\LManager.exe”

    “SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”

    “DataCardMonitor”=“c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe”

    “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    “AVG9_TRAY”=“c:\progra~1\AVG\AVG9\avgtray.exe”

    “IgfxTray”=“c:\windows\system32\igfxtray.exe”

    “HotKeysCmds”=“c:\windows\system32\hkcmd.exe”

    “Persistence”=“c:\windows\system32\igfxpers.exe”

    “GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe”

    “EnableLUA”= 0 (0x0)

    “EnableUIADesktopToggle”= 0 (0x0)

    “AppInit_DLLs”=c:\windows\System32\avgrsstx.dll

    “aux”=wdmaud.drv

    @=“Service”

    2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    2008-11-04 06:19 57344 ----a-w- c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe

    R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys

    R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys

    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys

    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe

    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys

    R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service

    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys

    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys

    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys

    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys

    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys

    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys

    S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys

    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control ;c:\program files\CyberLink\PowerDVD9\000.fcl

    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe

    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe

    S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe

    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    S2 regi;regi;c:\windows\system32\drivers\regi.sys

    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe

    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys

    --- Andere Services/Drivers In Geheugen ---

    *Deregistered* - BMLoad

    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2010-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-136261241-1024311286-1967364142-1000Core.job

    - c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe

    2010-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-136261241-1024311286-1967364142-1000UA.job

    - c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0413&s=2&o=vb32&d=1109&m=e725

    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0413&s=2&o=vb32&d=1109&m=e725

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

    FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\j4x95a2z.default\

    FF - prefs.js: browser.startup.homepage - www.google.nl

    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: c:\users\Kevin\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-09-17 22:04

    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    DataCardMonitor = c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe?mp?=c:\w?q??????x?8???8??q????????&??????????????????????q?b?????88?(?8?am files\T-Mobile\T-Mobile Internet Manager\????c:\users????????c:\Program Files\T-Mobile\T-Mobile Internet Mana

    scannen van verborgen bestanden …

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    “ImagePath”=“\??\c:\program files\CyberLink\PowerDVD9\000.fcl”

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    “datasecu”=hex:14,30,55,fa,9f,c8,8a,d7,df,9b,84,ca,61,48,e4,18,48,f9,0b,ba,87,

    cf,8b,2c,0c,c1,13,e8,93,37,ed,6e,d5,7c,40,51,68,4e,26,9d,eb,02,6f,c9,14,3f,\

    “rkeysecu”=hex:bc,14,36,86,e3,95,13,0c,37,23,0a,80,0a,57,a2,62

    @Denied: (2) (LocalSystem)

    @SACL=

    “AppDataDir”=“c:\\ProgramData\\ESET\\ESET Smart Security\\”

    “DataDir”=“ESET\\ESET Smart Security\\”

    “EditionName”=“ ”

    “InstallDir”=“c:\\Program Files\\ESET\\ESET Smart Security\\”

    “LanguageId”=dword:00000413

    “PackageTag”=dword:6090e758

    “ProductBase”=dword:00000001

    “ProductCode”=“{A7D35E45-21A1-451C-A15B-2E7DE98C4D7E}”

    “ProductName”=“ESET Smart Security”

    “ProductType”=“ess”

    “ProductVersion”=“4.0.467.0”

    “UniqueId”=“0007C5124BC5D1D7”

    “ScannerBuild”=dword:00001c2f

    “ScannerVersionId”=dword:00001426

    “ScannerVersion”=“Locked/open ESET for status.”

    “FixId”=dword:00000005

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    Voltooingstijd: 2010-09-17 22:08:29

    ComboFix-quarantined-files.txt 2010-09-17 20:08

    Pre-Run: 14.601.371.648 bytes beschikbaar

    Post-Run: 14.548.111.360 bytes beschikbaar

    Current=1 Default=1 Failed=0 LastKnownGood=2 Sets=1,2,3,4

    - - End Of File - - 18EC786C2DD293A994E2EF04FD0B6510

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:13:35, on 17-9-2010

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v8.00 (8.00.6001.18943)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\conime.exe

    C:\Windows\system32\notepad.exe

    C:\Windows\explorer.exe

    C:\Program Files\AVG\AVG9\avgtray.exe

    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0413&s=2&o=vb32&d=1109&m=e725

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0413&s=2&o=vb32&d=1109&m=e725

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe

    O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\LManager.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: C:\PROGRA~1\AVG\AVG9\avgtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKCU\..\Run: “C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe”

    O4 - HKCU\..\Run: “C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe” /c

    O4 - HKCU\..\Run: C:\Windows\system32\timesync.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-NL/wlscctrl2.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe

    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

    End of file - 7557 bytes

  • fazantje

    Hi Kevin,

    Combo looks good now.

    Only I do see hitmanpro :(

    I also see Spyware Blaster - Spybot - Spyware Doctor.

    I also still see remnants of Eset NOD32

    Remove everything except Spyware Blaster.

    Also have a look under Program Files and delete the folders there as well.

    After that, run CCleaner.

    Removing ComboFix:

    Go to Start - Run and copy the following into it:

    Combofix /Uninstall

    Click OK after that.

    This will remove Combofix.

    Also clear all your restore points, you know how to do that :S:S

    After that, restart and let me know how things are now.

    Good luck,

    Huib :)

    Still having problems?

  • Argus

    “Only I do see hitmanpro ”

    @Huib what is the problem here

  • Derk

    Dear all,

    For a while now I have had a problem with my laptop.

    After the laptop starts up, a window appears

    showing undressed ladies.

    That is the problem. See the topic title for which site it is about.

  • Jos H

    Carry out the step-by-step plan and then post the two logs in a new question / topic.

    http://antivirus.startpagina.nl/prikbord/4625317/voer-dit-eerst-uit-voordat-je-de-logjes-plaatst!!#msg-4625317

  • Kef

    No livejasmin windows for the past few days.

    Really great! :D

    Thanks!

  • Kef

    Dear all,

    Now, four days after I thought the problem was over,

    it has popped up again.

    Do you have any idea what could be causing it?

    Regards,

    Kef