Weergegeven resultaten: 1 t/m 11 van 11

Discussie: csrss.exe logje

  1. #1
    Member TitaTovenaartje's schermafbeelding
    Lid sinds
    2/02/03
    Locatie
    As
    Berichten
    3.432
    iTrader
    19 (100%)

    csrss.exe logje

    Naar aanleiding van
    Hier het logje van Malwarebytes

    Malwarebytes' Anti-Malware 1.40
    Database versie: 2683
    Windows 6.0.6002 Service Pack 2

    29/01/2011 13:14:53
    mbam-log-2011-01-29 (13-14-46).txt

    Scan type: Volledige Scan (C:\|D:\|E:\|)
    Objecten gescand: 253407
    Verstreken tijd: 48 minute(s), 42 second(s)

    Geheugenprocessen ge´nfecteerd: 0
    Geheugenmodulen ge´nfecteerd: 0
    Registersleutels ge´nfecteerd: 0
    Registerwaarden ge´nfecteerd: 0
    Registerdata bestanden ge´nfecteerd: 1
    Mappen ge´nfecteerd: 0
    Bestanden ge´nfecteerd: 1

    Geheugenprocessen ge´nfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen ge´nfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels ge´nfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden ge´nfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden ge´nfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Data: c:\users\steven\appdata\local\temp\csrss.exe -> No action taken.

    Mappen ge´nfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden ge´nfecteerd:
    C:\Users\Steven\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> No action taken.
    En een logje van HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:34:45, on 29/01/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Belgium Identity Card\beid35gui.exe
    E:\itunes\iTunesHelper.exe
    C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
    C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Steven\Program Files\DNA\btdna.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Title1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Title1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:64242
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
    O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
    O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files\ASUS\AI Direct Link\AsShare.exe"
    O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\itunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
    O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Steven\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Global Startup: hpzsetup.LNK = F:\HPZstub.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\ASUS\Drive Xpert\SteelVine.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe
    O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
    O23 - Service: ExtraFilm upload service (EFUploadSrv) - Unknown owner - C:\Users\Elke\Desktop\ExtraFilm Designer BE NL\EFUploadSrv.exe (file missing)
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 10128 bytes
    ohja, bij het opstarten van HJT krijg ik volgende melding

    http://uploader.be/output/1296304838.jpg



    Steven

  2. #2
    Member Juisterr's schermafbeelding
    Lid sinds
    10/11/06
    Locatie
    Oegstgeest
    Berichten
    2.529
    iTrader
    0
    Download ComboFix van ÚÚn van deze locaties:

    Link 1
    Link 2

    * BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.

    >>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.

    1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

    * (hier of hier staat een handleiding over hoe je deze kan uitschakelen

    2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
    3. Dubbelklik op "Combofix.exe" om de tool te starten.
    4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

    * Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

    5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

  3. #3
    Member TitaTovenaartje's schermafbeelding
    Lid sinds
    2/02/03
    Locatie
    As
    Berichten
    3.432
    iTrader
    19 (100%)
    combofix heeft wel gescand op een andere account.
    Weet niet als dit iets uitmaakt!

    ComboFix 11-01-28.03 - Elke 29/01/2011 18:00:48.1.2 - x86
    Microsoft« Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.937 [GMT 1:00]
    Gestart vanuit: c:\users\Elke\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Spyware Doctor *Disabled/Outdated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Public\ComboFix.exe
    c:\users\Steven\AppData\Roaming\inst.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-12-28 to 2011-01-29 ))))))))))))))))))))))))))))))
    .

    2011-01-29 17:05 . 2011-01-29 17:06 -------- d-----w- c:\users\Elke\AppData\Local\temp
    2011-01-29 17:05 . 2011-01-29 17:05 -------- d-----w- c:\users\Steven\AppData\Local\temp
    2011-01-29 17:05 . 2011-01-29 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-29 15:17 . 2011-01-29 15:17 -------- d-----w- c:\users\Elke\AppData\Roaming\Malwarebytes
    2011-01-28 14:05 . 2011-01-28 14:05 -------- d-----w- c:\users\Steven\AppData\Roaming\IObit
    2011-01-28 13:59 . 2011-01-28 13:59 -------- d-----w- c:\program files\FreeApps
    2011-01-28 13:59 . 2011-01-28 13:59 -------- d-----w- c:\programdata\FreeApp
    2011-01-28 13:59 . 2010-12-13 16:03 29008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-01-28 13:59 . 2010-11-26 17:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-01-28 13:59 . 2011-01-28 13:59 -------- d-----w- c:\programdata\IObit
    2011-01-28 13:58 . 2011-01-29 12:31 -------- d-----w- c:\program files\IObit
    2011-01-28 13:58 . 2011-01-29 12:29 -------- d-----w- c:\users\Elke\AppData\Roaming\IObit
    2011-01-23 17:01 . 2007-10-30 09:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
    2011-01-23 17:01 . 2007-10-30 09:25 309760 ----a-w- c:\windows\system32\difxapi.dll
    2011-01-23 17:01 . 2007-10-21 16:45 729088 ----a-w- c:\windows\system32\hpowiax7.dll
    2011-01-23 17:01 . 2007-10-21 16:45 581632 ----a-w- c:\windows\system32\hpotscl6.dll
    2011-01-23 17:01 . 2007-10-21 16:45 303104 ----a-w- c:\windows\system32\hpovst15.dll
    2011-01-22 20:29 . 2011-01-22 20:29 -------- d-----w- c:\program files\Panda Security
    2011-01-22 14:58 . 2011-01-22 13:10 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-01-22 13:10 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-01-22 13:10 . 2011-01-22 13:10 -------- d-----w- c:\users\Steven\AppData\Local\Sunbelt Software
    2011-01-22 13:07 . 2011-01-22 13:07 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-16 10:04 . 2011-01-16 10:04 -------- d-----w- c:\users\Elke\AppData\Local\Downloaded Installations
    2011-01-12 14:51 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2011-01-12 14:51 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2011-01-12 14:51 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2011-01-12 14:49 . 2011-01-12 14:49 -------- d-----w- c:\program files\Ubisoft
    2011-01-12 12:09 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 12:09 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-12 12:09 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-12 12:09 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-12 12:09 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-12 12:09 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-12 12:09 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-02 08:34 . 2011-01-02 08:34 -------- d-----w- c:\users\Elke\.jordan

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2011-01-22 13:10 . 2009-10-28 13:01 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-12-26 19:37 . 2008-07-21 14:16 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-11-04 18:56 . 2010-12-19 17:57 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-19 17:57 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-19 17:57 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-19 17:57 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-19 17:57 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01 . 2010-12-19 17:57 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57 . 2010-12-19 17:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57 . 2010-12-19 17:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57 . 2010-12-19 17:57 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57 . 2010-12-19 17:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01 . 2010-12-19 17:57 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26 . 2010-12-19 17:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24 . 2010-12-19 17:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
    "Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-05-09 1423360]
    "QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
    "Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
    "Launch Direct Link"="c:\program files\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 1209856]
    "Launch As Cmd Runner"="c:\program files\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-07-17 249856]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "snp2std"="c:\windows\vsnp2std.exe" [2005-10-20 339968]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="e:\itunes\iTunesHelper.exe" [2010-06-15 141624]
    "D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-10-19 995328]
    "WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-19 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    hpzsetup.LNK - F:\HPZstub.exe [N/A]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2008-9-7 91440]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-19 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2011-01-22 13:10 936712 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
    2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2009-11-13 13:57 323392 ----a-w- c:\users\Steven\Program Files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
    2007-12-01 15:38 38400 ----a-r- c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2006-09-14 20:09 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drive Xpert]
    2008-05-22 14:39 10235904 ----a-w- c:\program files\ASUS\Drive Xpert\DriveXpert.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2006-12-05 20:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2006-11-23 13:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-03-09 04:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2008-09-26 13:50 206184 ----a-w- d:\program files\TomTom HOME 2\HOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
    2006-11-29 09:58 90112 ------w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

    R1 ctredr15.sys;ctredr15.sys;c:\windows\system32\driv ers\ctredr15.sys [x]
    R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\ASUS\Drive Xpert\SteelVine.exe [2008-05-22 1286144]
    R2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe [2009-08-21 126976]
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-01-22 1402272]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
    R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
    R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
    R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
    R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
    R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
    R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
    R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
    S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotc ore3.sys [2008-06-25 40368]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.s ys [2008-05-19 150568]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboo t.sys [2009-06-30 28552]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\Sys tem32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-19 721904]
    S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]
    S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe [2009-07-07 40960]
    S2 EFUploadSrv;ExtraFilm upload service;c:\users\Elke\Desktop\ExtraFilm Designer BE NL\EFUploadSrv.exe [2009-07-09 1716224]
    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-05-05 35712]
    S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2009-09-15 798208]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map

    2011-01-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 13:10]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 12:09]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 12:09]

    2010-08-26 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

    2011-01-29 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

    2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{C2FE9263-0B24-4D2D-8B3F-481064A6BDC6}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-19 04:25]

    2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{F8985F24-3CF4-4324-B319-536DA4AE0D75}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-19 04:25]
    .
    .
    ------- Bijkomende Scan -------
    .
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\wpclsp.dll
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\users\Elke\AppData\Roaming\Mozilla\Firefox\Prof iles\hfphtkn7.Elke\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.babybelgie.com/babyforum/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel MediaOne\Corel PhotoDownloader.exe
    MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
    MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
    MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero 7\InCD\NBHGui.exe



    ************************************************** ************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-01-29 18:06
    Windows 6.0.6002 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    ************************************************** ************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Voltooingstijd: 2011-01-29 18:07:53
    ComboFix-quarantined-files.txt 2011-01-29 17:07

    Pre-Run: 3.401.838.592 bytes beschikbaar
    Post-Run: 3.574.427.648 bytes beschikbaar

    - - End Of File - - 1E977EDDD1D417750466FEB84712A6A4

  4. #4
    Member TitaTovenaartje's schermafbeelding
    Lid sinds
    2/02/03
    Locatie
    As
    Berichten
    3.432
    iTrader
    19 (100%)
    Dit logje is van op mijn account

    ComboFix 11-01-29.02 - Steven 30/01/2011 9:38.2.2 - x86
    Microsoft« Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.810 [GMT 1:00]
    Gestart vanuit: c:\users\Steven\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Spyware Doctor *Disabled/Outdated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-12-28 to 2011-01-30 ))))))))))))))))))))))))))))))
    .

    2011-01-30 08:42 . 2011-01-30 08:42 -------- d-----w- c:\users\Steven\AppData\Local\temp
    2011-01-30 08:42 . 2011-01-30 08:42 -------- d-----w- c:\users\Elke\AppData\Local\temp
    2011-01-30 08:42 . 2011-01-30 08:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-29 15:17 . 2011-01-29 15:17 -------- d-----w- c:\users\Elke\AppData\Roaming\Malwarebytes
    2011-01-28 14:05 . 2011-01-28 14:05 -------- d-----w- c:\users\Steven\AppData\Roaming\IObit
    2011-01-28 13:59 . 2011-01-28 13:59 -------- d-----w- c:\program files\FreeApps
    2011-01-28 13:59 . 2011-01-28 13:59 -------- d-----w- c:\programdata\FreeApp
    2011-01-28 13:59 . 2010-12-13 16:03 29008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-01-28 13:59 . 2010-11-26 17:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-01-28 13:59 . 2011-01-28 13:59 -------- d-----w- c:\programdata\IObit
    2011-01-28 13:58 . 2011-01-29 12:31 -------- d-----w- c:\program files\IObit
    2011-01-28 13:58 . 2011-01-29 12:29 -------- d-----w- c:\users\Elke\AppData\Roaming\IObit
    2011-01-23 17:01 . 2007-10-30 09:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
    2011-01-23 17:01 . 2007-10-30 09:25 309760 ----a-w- c:\windows\system32\difxapi.dll
    2011-01-23 17:01 . 2007-10-21 16:45 729088 ----a-w- c:\windows\system32\hpowiax7.dll
    2011-01-23 17:01 . 2007-10-21 16:45 581632 ----a-w- c:\windows\system32\hpotscl6.dll
    2011-01-23 17:01 . 2007-10-21 16:45 303104 ----a-w- c:\windows\system32\hpovst15.dll
    2011-01-22 20:29 . 2011-01-22 20:29 -------- d-----w- c:\program files\Panda Security
    2011-01-22 14:58 . 2011-01-22 13:10 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-01-22 13:10 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-01-22 13:10 . 2011-01-22 13:10 -------- d-----w- c:\users\Steven\AppData\Local\Sunbelt Software
    2011-01-22 13:07 . 2011-01-22 13:07 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-16 10:04 . 2011-01-16 10:04 -------- d-----w- c:\users\Elke\AppData\Local\Downloaded Installations
    2011-01-12 14:51 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2011-01-12 14:51 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2011-01-12 14:51 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2011-01-12 14:49 . 2011-01-12 14:49 -------- d-----w- c:\program files\Ubisoft
    2011-01-12 12:09 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 12:09 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-12 12:09 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-12 12:09 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-12 12:09 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-12 12:09 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-12 12:09 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-02 08:34 . 2011-01-02 08:34 -------- d-----w- c:\users\Elke\.jordan

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2011-01-22 13:10 . 2009-10-28 13:01 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-12-26 19:37 . 2008-07-21 14:16 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-11-04 18:56 . 2010-12-19 17:57 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-19 17:57 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-19 17:57 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-19 17:57 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-19 17:57 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01 . 2010-12-19 17:57 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57 . 2010-12-19 17:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57 . 2010-12-19 17:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57 . 2010-12-19 17:57 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57 . 2010-12-19 17:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01 . 2010-12-19 17:57 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26 . 2010-12-19 17:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24 . 2010-12-19 17:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
    "BitTorrent DNA"="c:\users\Steven\Program Files\DNA\btdna.exe" [2009-11-13 323392]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
    "Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-05-09 1423360]
    "QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
    "Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
    "Launch Direct Link"="c:\program files\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 1209856]
    "Launch As Cmd Runner"="c:\program files\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-07-17 249856]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "snp2std"="c:\windows\vsnp2std.exe" [2005-10-20 339968]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="e:\itunes\iTunesHelper.exe" [2010-06-15 141624]
    "D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-10-19 995328]
    "WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-19 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    hpzsetup.LNK - F:\HPZstub.exe [N/A]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2008-9-7 91440]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-19 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2011-01-22 13:10 936712 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
    2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2009-11-13 13:57 323392 ----a-w- c:\users\Steven\Program Files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
    2007-12-01 15:38 38400 ----a-r- c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2006-09-14 20:09 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drive Xpert]
    2008-05-22 14:39 10235904 ----a-w- c:\program files\ASUS\Drive Xpert\DriveXpert.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2006-12-05 20:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2006-11-23 13:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-03-09 04:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2008-09-26 13:50 206184 ----a-w- d:\program files\TomTom HOME 2\HOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
    2006-11-29 09:58 90112 ------w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

    R1 ctredr15.sys;ctredr15.sys;c:\windows\system32\driv ers\ctredr15.sys [x]
    R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\ASUS\Drive Xpert\SteelVine.exe [2008-05-22 1286144]
    R2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe [2009-08-21 126976]
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-01-22 1402272]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
    R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
    R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
    R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
    R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
    R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
    R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
    R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
    S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotc ore3.sys [2008-06-25 40368]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.s ys [2008-05-19 150568]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboo t.sys [2009-06-30 28552]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\Sys tem32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-19 721904]
    S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]
    S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe [2009-07-07 40960]
    S2 EFUploadSrv;ExtraFilm upload service;c:\users\Elke\Desktop\ExtraFilm Designer BE NL\EFUploadSrv.exe [2009-07-09 1716224]
    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-05-05 35712]
    S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2009-09-15 798208]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map

    2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 12:09]

    2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 12:09]

    2010-08-26 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

    2011-01-30 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

    2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{C2FE9263-0B24-4D2D-8B3F-481064A6BDC6}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-19 04:25]

    2011-01-30 c:\windows\Tasks\User_Feed_Synchronization-{F8985F24-3CF4-4324-B319-536DA4AE0D75}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-19 04:25]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:64242
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\wpclsp.dll
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Pr ofiles\x0ptg26a.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 64242
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



    ************************************************** ************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-01-30 09:42
    Windows 6.0.6002 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    ************************************************** ************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'Explorer.exe'(5588)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    .
    Voltooingstijd: 2011-01-30 09:44:29
    ComboFix-quarantined-files.txt 2011-01-30 08:44
    ComboFix2.txt 2011-01-29 17:07

    Pre-Run: 3.428.040.704 bytes beschikbaar
    Post-Run: 3.918.966.784 bytes beschikbaar

    - - End Of File - - C67D75FB4A5438BFD1521335A53DB8C7

  5. #5
    Member Juisterr's schermafbeelding
    Lid sinds
    10/11/06
    Locatie
    Oegstgeest
    Berichten
    2.529
    iTrader
    0
    Beter nu ?

  6. #6
    Member TitaTovenaartje's schermafbeelding
    Lid sinds
    2/02/03
    Locatie
    As
    Berichten
    3.432
    iTrader
    19 (100%)
    Met IE kan ik surfen maar nog steeds niet met FF


    Deze melding krijg ik als ik FF open
    http://uploader.be/output/1296567766.jpg

  7. #7
    Member Juisterr's schermafbeelding
    Lid sinds
    10/11/06
    Locatie
    Oegstgeest
    Berichten
    2.529
    iTrader
    0
    Misschien overwegen om die opnieuw te installeren. ?

    Probeer anders dit even .
    Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

    Firefox::
    FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Pr ofiles\x0ptg26a.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 64242
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false




    Sla dit op op je Bureaublad als CFScript.txt.

    Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

    http://crew.nucia.eu/smeenk/CFScript.gif
    Dit zal ComboFix doen herstarten.

    Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.

  8. #8
    Member TitaTovenaartje's schermafbeelding
    Lid sinds
    2/02/03
    Locatie
    As
    Berichten
    3.432
    iTrader
    19 (100%)
    FF werkt nog niet na dit.
    Hier de resultaten

    ComboFix 11-01-31.02 - Steven 02/02/2011 13:39:17.3.2 - x86
    Microsoft« Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.903 [GMT 1:00]
    Gestart vanuit: c:\users\Steven\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Steven\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Spyware Doctor *Disabled/Outdated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
    c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
    c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\install.rdf
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\chrom e.manifest
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\conte nt\BelgiumEidPKCS11.js
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\conte nt\firefoxOverlay.xul
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\conte nt\overlay.js
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\conte nt\util.js
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\defau lts\preferences\belgiumeid.js
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\icon. png
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\insta ll.rdf
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\local e\en-US\belgiumeid.dtd
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\local e\en-US\belgiumeid.properties
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\local e\fr-FR\belgiumeid.properties
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\local e\nl-NL\belgiumeid.properties
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\platf orm\Darwin\defaults\preferences\belgiumeid.js
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\platf orm\Linux\defaults\preferences\belgiumeid.js
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\platf orm\WINNT\defaults\preferences\belgiumeid.js
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\skin\ icon.png
    c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be\skin\ overlay.css
    c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifes t
    c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\chrome. jar
    c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\defaults\prefe rences\defaults.js
    c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\install.rdf
    c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\MicrosoftDotNe tFrameworkAssistant.xpi

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-01-02 to 2011-02-02 ))))))))))))))))))))))))))))))
    .

    2011-02-02 12:44 . 2011-02-02 12:44 -------- d-----w- c:\users\Steven\AppData\Local\temp
    2011-02-02 12:44 . 2011-02-02 12:44 -------- d-----w- c:\users\Elke\AppData\Local\temp
    2011-02-02 12:44 . 2011-02-02 12:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-01 17:41 . 2011-02-01 17:41 -------- d-----w- c:\users\Elke\AppData\Roaming\AVG10
    2011-02-01 15:34 . 2011-02-01 15:34 -------- d-----w- c:\users\Steven\AppData\Roaming\AVG10
    2011-02-01 15:12 . 2011-02-01 15:12 -------- d--h--w- c:\programdata\Common Files
    2011-02-01 15:09 . 2011-02-02 12:13 -------- d-----w- c:\programdata\AVG10
    2011-02-01 15:04 . 2011-02-01 15:08 -------- d-----w- c:\programdata\MFAData
    2011-01-29 15:17 . 2011-01-29 15:17 -------- d-----w- c:\users\Elke\AppData\Roaming\Malwarebytes
    2011-01-28 14:05 . 2011-01-28 14:05 -------- d-----w- c:\users\Steven\AppData\Roaming\IObit
    2011-01-28 13:59 . 2011-01-28 13:59 -------- d-----w- c:\program files\FreeApps
    2011-01-28 13:59 . 2011-01-28 13:59 -------- d-----w- c:\programdata\FreeApp
    2011-01-28 13:59 . 2010-12-13 16:03 29008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-01-28 13:59 . 2010-11-26 17:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-01-28 13:59 . 2011-01-28 13:59 -------- d-----w- c:\programdata\IObit
    2011-01-28 13:58 . 2011-01-29 12:31 -------- d-----w- c:\program files\IObit
    2011-01-28 13:58 . 2011-01-29 12:29 -------- d-----w- c:\users\Elke\AppData\Roaming\IObit
    2011-01-23 17:01 . 2007-10-30 09:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
    2011-01-23 17:01 . 2007-10-30 09:25 309760 ----a-w- c:\windows\system32\difxapi.dll
    2011-01-23 17:01 . 2007-10-21 16:45 729088 ----a-w- c:\windows\system32\hpowiax7.dll
    2011-01-23 17:01 . 2007-10-21 16:45 581632 ----a-w- c:\windows\system32\hpotscl6.dll
    2011-01-23 17:01 . 2007-10-21 16:45 303104 ----a-w- c:\windows\system32\hpovst15.dll
    2011-01-22 20:29 . 2011-01-22 20:29 -------- d-----w- c:\program files\Panda Security
    2011-01-22 14:58 . 2011-01-22 13:10 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-01-22 13:10 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-01-22 13:10 . 2011-01-22 13:10 -------- d-----w- c:\users\Steven\AppData\Local\Sunbelt Software
    2011-01-22 13:07 . 2011-01-22 13:07 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-16 10:04 . 2011-01-16 10:04 -------- d-----w- c:\users\Elke\AppData\Local\Downloaded Installations
    2011-01-12 14:51 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2011-01-12 14:51 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2011-01-12 14:51 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2011-01-12 14:49 . 2011-01-12 14:49 -------- d-----w- c:\program files\Ubisoft
    2011-01-12 12:09 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 12:09 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-12 12:09 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-12 12:09 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-12 12:09 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-12 12:09 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-12 12:09 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2011-01-22 13:10 . 2009-10-28 13:01 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-12-26 19:37 . 2008-07-21 14:16 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-11-04 18:56 . 2010-12-19 17:57 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-19 17:57 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-19 17:57 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-19 17:57 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-19 17:57 171520 ----a-w- c:\windows\system32\taskeng.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
    "BitTorrent DNA"="c:\users\Steven\Program Files\DNA\btdna.exe" [2009-11-13 323392]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
    "Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-05-09 1423360]
    "QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
    "Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
    "Launch Direct Link"="c:\program files\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 1209856]
    "Launch As Cmd Runner"="c:\program files\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-07-17 249856]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "snp2std"="c:\windows\vsnp2std.exe" [2005-10-20 339968]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="e:\itunes\iTunesHelper.exe" [2010-06-15 141624]
    "D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-10-19 995328]
    "WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-19 122880]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    hpzsetup.LNK - F:\HPZstub.exe [N/A]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2008-9-7 91440]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-19 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2011-01-22 13:10 936712 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
    2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2009-11-13 13:57 323392 ----a-w- c:\users\Steven\Program Files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
    2007-12-01 15:38 38400 ----a-r- c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2006-09-14 20:09 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drive Xpert]
    2008-05-22 14:39 10235904 ----a-w- c:\program files\ASUS\Drive Xpert\DriveXpert.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2006-12-05 20:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2006-11-23 13:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-03-09 04:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2008-09-26 13:50 206184 ----a-w- d:\program files\TomTom HOME 2\HOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
    2006-11-29 09:58 90112 ------w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

    R1 ctredr15.sys;ctredr15.sys;c:\windows\system32\driv ers\ctredr15.sys [x]
    R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\ASUS\Drive Xpert\SteelVine.exe [2008-05-22 1286144]
    R2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe [2009-08-21 126976]
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-01-22 1402272]
    R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-05-05 35712]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
    R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
    R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
    R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
    R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
    R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
    R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
    R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
    S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotc ore3.sys [2008-06-25 40368]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.s ys [2008-05-19 150568]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboo t.sys [2009-06-30 28552]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\Sys tem32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-19 721904]
    S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]
    S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe [2009-07-07 40960]
    S2 EFUploadSrv;ExtraFilm upload service;c:\users\Elke\Desktop\ExtraFilm Designer BE NL\EFUploadSrv.exe [2009-07-09 1716224]
    S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2009-09-15 798208]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map

    2011-02-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 13:10]

    2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 12:09]

    2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 12:09]

    2010-08-26 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

    2011-02-02 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

    2011-02-01 c:\windows\Tasks\User_Feed_Synchronization-{C2FE9263-0B24-4D2D-8B3F-481064A6BDC6}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-19 04:25]

    2011-02-02 c:\windows\Tasks\User_Feed_Synchronization-{F8985F24-3CF4-4324-B319-536DA4AE0D75}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-19 04:25]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:64242
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\wpclsp.dll
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Pr ofiles\x0ptg26a.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 64242
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .

    ************************************************** ************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-02-02 13:44
    Windows 6.0.6002 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    ************************************************** ************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Voltooingstijd: 2011-02-02 13:46:17
    ComboFix-quarantined-files.txt 2011-02-02 12:46
    ComboFix2.txt 2011-01-30 08:44
    ComboFix3.txt 2011-01-29 17:07

    Pre-Run: 3.656.163.328 bytes beschikbaar
    Post-Run: 3.513.270.272 bytes beschikbaar

    - - End Of File - - 9F1AAEB1103F3A08C6C98DBF82FB08D9

  9. #9
    Member TitaTovenaartje's schermafbeelding
    Lid sinds
    2/02/03
    Locatie
    As
    Berichten
    3.432
    iTrader
    19 (100%)
    Ben eens gaan zoeken op google naar mijn probleem

    Gewoon bij FF de proxyserver uit gaan zetten en het werkt nu :-)
    Wat doet die proxy eigenlijk? Kan het kwaad dat die uit staat nu?

    Alvast bedankt

  10. #10
    Member Juisterr's schermafbeelding
    Lid sinds
    10/11/06
    Locatie
    Oegstgeest
    Berichten
    2.529
    iTrader
    0
    Nee hoor want je werkt niet via proxy. Een proxy-server deelt in feite zijn internetverbinding.

  11. #11
    Member TitaTovenaartje's schermafbeelding
    Lid sinds
    2/02/03
    Locatie
    As
    Berichten
    3.432
    iTrader
    19 (100%)
    ok
    Dan is het probleem opgelost
    bedankt!


    S.

Discussie informatie

Users Browsing this Thread

Op dit moment bekijken 1 gebruikers deze discussie. (0 leden en 1 gasten)

Regels voor berichten

  • Je mag geen nieuwe discussies starten
  • Je mag niet reageren op berichten
  • Je mag geen bijlagen versturen
  • Je mag niet je berichten bewerken
  •