Toolbar moet weg, opstarten gaat niet goed, Panda weg soms

anoniem · 24 september 2011

Hallo, daar ben ik weer eens op jullie goede forum. Ik heb hulp nodig denk ik! (laptop Compaq Pressario, met XP en GP12, MozillaFirefox) E.e.a. gaat toch weer niet goed met mijn laptop. Er is iets fout gegaan of ik heb iets fout gedaan. Dat weet ik niet, maar mijn problemen zijn: 1) Het opstarten duurt heel lang en niet alles start goed op, er blijven programma's hangen bij t opstarten lijkt wel, waardoor er foutmeldingen komen en ik opnieuw moet rebooten. (TPSrv.exe is daar eentje van). De ventilator gaat heel hard draaien en CPU is hoog +/- 95%. 2) Daarnaast heb ik een toolbar van vuze in mijn MozillaFirefox die ik niet wil, die is er bij een update opgekomen, terwijl ik toch echt het vinkje weg had gehaald bij de installatie van de update...?! En die krijg ik nu niet meer weg. 3) Daarnaast floept het Panda hoofdje soms ineens van mijn scherm weg en als ik dan via configuratie via de beveiliging Panda open, staat er alles in rood van bedreiging en dat ik het moet oplossen...? Meestal op die button van 'oplossen' klikken en na 2 of 3x zegt ie rebooten. Daarna is het weer even goed. 4) Ook Adobe geeft telkens een mislukte update aan. Heb dit al een paar keer handmatig dan via de site gedaan, maar dan geeft een schermpje aan dat deze al is geinstalleerd... Zo geeft de Plugincheck bij MozillaFirefox aan dat het okay is, zo staat er updaten ineens. Dit al een paar dagen. (install_flashplayer10_chra_aih). Dus weer een kreet om hulp van mij. MBAM geeft geen besmetting en Panda ook niet als ik die scan. HiJackThisLog hieronder. HJT-log: [hjt] Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:23:20, on 24-9-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal [b:47bfb8d893]Running processes:[/b:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]smss.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]winlogon.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]services.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]lsass.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]svchost.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]svchost.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]tpsrv.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]webproxy.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]spoolsv.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\common files\arcsoft\connection service\bin\[/color:47bfb8d893][color=blue:47bfb8d893]acservice.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\ehome\[/color:47bfb8d893][color=blue:47bfb8d893]ehrecvr.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\ehome\[/color:47bfb8d893][color=blue:47bfb8d893]ehsched.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]svchost.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\java\jre6\bin\[/color:47bfb8d893][color=blue:47bfb8d893]jqs.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\common files\lightscribe\[/color:47bfb8d893][color=blue:47bfb8d893]lssrvc.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\microsoft sql server\mssql\binn\[/color:47bfb8d893][color=blue:47bfb8d893]sqlservr.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]svchost.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]nvsvc32.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]psctrls.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]pavfnsvr.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\common files\panda security\pavshld\[/color:47bfb8d893][color=blue:47bfb8d893]pavprsrv.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]svchost.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\firewall\[/color:47bfb8d893][color=blue:47bfb8d893]pshost.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]psimsvc.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]psksvc.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\hewlett-packard\shared\[/color:47bfb8d893][color=blue:47bfb8d893]hpqwmiex.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\[/color:47bfb8d893][color=blue:47bfb8d893]explorer.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]pavsrvx86.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]avengine.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\ehome\[/color:47bfb8d893][color=blue:47bfb8d893]ehtray.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\hpq\hp wireless assistant\[/color:47bfb8d893][color=blue:47bfb8d893]hp wireless assistant.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\synaptics\syntp\[/color:47bfb8d893][color=blue:47bfb8d893]syntpenh.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\hp\quickplay\[/color:47bfb8d893][color=blue:47bfb8d893]qpservice.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\hp\hp software update\[/color:47bfb8d893][color=blue:47bfb8d893]hpwuschd2.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\common files\arcsoft\connection service\bin\[/color:47bfb8d893][color=blue:47bfb8d893]acdaemon.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]apvxdwin.exe[/color:47bfb8d893] c:\program files\common files\arcsoft\connection service\bin\arccon.ac [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]ctfmon.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\windows media player\[/color:47bfb8d893][color=blue:47bfb8d893]wmpnscfg.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\microsoft sql server\80\tools\binn\[/color:47bfb8d893][color=blue:47bfb8d893]sqlmangr.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\arcsoft\totalmedia 3.5\[/color:47bfb8d893][color=blue:47bfb8d893]tmmonitor.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\hp\digital imaging\bin\[/color:47bfb8d893][color=blue:47bfb8d893]hpqimzone.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]dllhost.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\ehome\[/color:47bfb8d893][color=blue:47bfb8d893]ehmsas.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]srvload.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]pavbckpt.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\wbem\[/color:47bfb8d893][color=blue:47bfb8d893]wmiapsrv.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]iface.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]svchost.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\documents and settings\user\mijn documenten\[/color:47bfb8d893][color=blue:47bfb8d893]snagit32.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\mozilla firefox\[/color:47bfb8d893][color=blue:47bfb8d893]firefox.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\mozilla firefox\[/color:47bfb8d893][color=blue:47bfb8d893]plugin-container.exe[/color:47bfb8d893] [color=teal:47bfb8d893]c:\program files\trend micro\hijackthis\[/color:47bfb8d893][color=blue:47bfb8d893]hijackthis.exe[/color:47bfb8d893] [color=silver:47bfb8d893]r0 -[/color:47bfb8d893] [color=brown:47bfb8d893]hkcu\software\microsoft\internet explorer\main[/color:47bfb8d893],start page = [u:47bfb8d893][noparse]http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1205961512&rver=4.5.2130.0&wp=mbi&wreply=http:%2f%2fmail.live.com%2fdefault.aspx&id=64855[/noparse][/u:47bfb8d893] [color=silver:47bfb8d893]r1 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\software\microsoft\internet explorer\main[/color:47bfb8d893],default_page_url = [u:47bfb8d893][noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse][/u:47bfb8d893] [color=silver:47bfb8d893]r1 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\software\microsoft\internet explorer\main[/color:47bfb8d893],default_search_url = [u:47bfb8d893][noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse][/u:47bfb8d893] [color=silver:47bfb8d893]r1 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\software\microsoft\internet explorer\main[/color:47bfb8d893],search page = [u:47bfb8d893][noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse][/u:47bfb8d893] [color=silver:47bfb8d893]r0 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\software\microsoft\internet explorer\main[/color:47bfb8d893],start page = [u:47bfb8d893][noparse]http://www.troner.net/[/noparse][/u:47bfb8d893] [color=silver:47bfb8d893]r0 -[/color:47bfb8d893] [color=brown:47bfb8d893]hkcu\software\microsoft\internet explorer\toolbar[/color:47bfb8d893],linksfoldername = koppelingen [color=silver:47bfb8d893]o2 -[/color:47bfb8d893] [color=brown:47bfb8d893]bho[/color:47bfb8d893]: acroiehelperstub - [color=orange:47bfb8d893]{18df081c-e8ad-4283-a596-fa578c2ebdc3}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\program files\common files\adobe\acrobat\activex\[/color:47bfb8d893][color=blue:47bfb8d893]acroiehelpershim.dll[/color:47bfb8d893] [color=silver:47bfb8d893]o2 -[/color:47bfb8d893] [color=brown:47bfb8d893]bho[/color:47bfb8d893]: skypeiepluginbho - [color=orange:47bfb8d893]{ae805869-2e5c-4ed4-8f7b-f1f7851a4497}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\program files\skype\toolbars\internet explorer\[/color:47bfb8d893][color=blue:47bfb8d893]skypeieplugin.dll[/color:47bfb8d893] [color=silver:47bfb8d893]o2 -[/color:47bfb8d893] [color=brown:47bfb8d893]bho[/color:47bfb8d893]: java(tm) plug-in 2 ssv helper - [color=orange:47bfb8d893]{dbc80044-a445-435b-bc74-9c25c1c588a9}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\program files\java\jre6\bin\[/color:47bfb8d893][color=blue:47bfb8d893]jp2ssv.dll[/color:47bfb8d893] [color=silver:47bfb8d893]o2 -[/color:47bfb8d893] [color=brown:47bfb8d893]bho[/color:47bfb8d893]: jqsiestartdetectorimpl - [color=orange:47bfb8d893]{e7e6f031-17ce-4c07-bc86-eabfe594f69c}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\program files\java\jre6\lib\deploy\jqs\ie\[/color:47bfb8d893][color=blue:47bfb8d893]jqs_plugin.dll[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][ehtray][/b:47bfb8d893] [color=teal:47bfb8d893]c:\windows\ehome\[/color:47bfb8d893][color=blue:47bfb8d893]ehtray.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][hpwirelessassistant][/b:47bfb8d893] [color=teal:47bfb8d893]c:\program files\hpq\hp wireless assistant\[/color:47bfb8d893][color=blue:47bfb8d893]hp wireless assistant.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][high definition audio property page shortcut][/b:47bfb8d893] chdaudpropshortcut.exe [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][syntpenh][/b:47bfb8d893] [color=teal:47bfb8d893]c:\program files\synaptics\syntp\[/color:47bfb8d893][color=blue:47bfb8d893]syntpenh.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][qpservice][/b:47bfb8d893] [color=teal:47bfb8d893]c:\program files\hp\quickplay\[/color:47bfb8d893][color=blue:47bfb8d893]qpservice.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][cpqset][/b:47bfb8d893] [color=teal:47bfb8d893]c:\program files\hewlett-packard\default settings\[/color:47bfb8d893][color=blue:47bfb8d893]cpqset.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][recguard][/b:47bfb8d893] [color=teal:47bfb8d893]c:\windows\sminst\[/color:47bfb8d893][color=blue:47bfb8d893]recguard.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][hp software update][/b:47bfb8d893] [color=teal:47bfb8d893]c:\program files\hp\hp software update\[/color:47bfb8d893][color=blue:47bfb8d893]hpwuschd2.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][arcsoft connection service][/b:47bfb8d893] [color=teal:47bfb8d893]c:\program files\common files\arcsoft\connection service\bin\[/color:47bfb8d893][color=blue:47bfb8d893]acdaemon.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][nvcpldaemon][/b:47bfb8d893] rundll32.exe [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]nvcpl.dll[/color:47bfb8d893],nvstartup [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][nvmediacenter][/b:47bfb8d893] rundll32.exe [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]nvmctray.dll[/color:47bfb8d893],nvtaskbarinit [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][nwiz][/b:47bfb8d893] nwiz.exe /installquiet /nodetect [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][quicktime task][/b:47bfb8d893] [color=teal:47bfb8d893]c:\program files\quicktime\[/color:47bfb8d893][color=blue:47bfb8d893]qttask.exe[/color:47bfb8d893] -atboottime [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][adobe arm][/b:47bfb8d893] [color=teal:47bfb8d893]c:\program files\common files\adobe\arm\1.0\[/color:47bfb8d893][color=blue:47bfb8d893]adobearm.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][apvxdwin][/b:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]apvxdwin.exe[/color:47bfb8d893] /s [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hklm\..\run[/color:47bfb8d893]: [b:47bfb8d893][scaninicio][/b:47bfb8d893] [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]inicio.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hkcu\..\run[/color:47bfb8d893]: [b:47bfb8d893][skype][/b:47bfb8d893] [color=teal:47bfb8d893]c:\program files\skype\\phone\[/color:47bfb8d893][color=blue:47bfb8d893]skype.exe[/color:47bfb8d893] /nosplash /minimized [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hkcu\..\run[/color:47bfb8d893]: [b:47bfb8d893][ctfmon.exe][/b:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]ctfmon.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hkcu\..\run[/color:47bfb8d893]: [b:47bfb8d893][wmpnscfg][/b:47bfb8d893] [color=teal:47bfb8d893]c:\program files\windows media player\[/color:47bfb8d893][color=blue:47bfb8d893]wmpnscfg.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hkus\s-1-5-18\..\run[/color:47bfb8d893]: [b:47bfb8d893][ctfmon.exe][/b:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]ctfmon.exe[/color:47bfb8d893] (user 'system') [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]hkus\.default\..\run[/color:47bfb8d893]: [b:47bfb8d893][ctfmon.exe][/b:47bfb8d893] [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]ctfmon.exe[/color:47bfb8d893] (user 'default user') [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]global startup[/color:47bfb8d893]: hp photosmart premier snelstart.lnk = [color=teal:47bfb8d893]c:\program files\hp\digital imaging\bin\[/color:47bfb8d893][color=blue:47bfb8d893]hpqthb08.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]global startup[/color:47bfb8d893]: microsoft office.lnk = [color=teal:47bfb8d893]c:\program files\microsoft office\office10\[/color:47bfb8d893][color=blue:47bfb8d893]osa.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]global startup[/color:47bfb8d893]: service manager.lnk = [color=teal:47bfb8d893]c:\program files\microsoft sql server\80\tools\binn\[/color:47bfb8d893][color=blue:47bfb8d893]sqlmangr.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o4 -[/color:47bfb8d893] [color=brown:47bfb8d893]global startup[/color:47bfb8d893]: tmmonitor.lnk = [color=teal:47bfb8d893]c:\program files\arcsoft\totalmedia 3.5\[/color:47bfb8d893][color=blue:47bfb8d893]tmmonitor.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o8 -[/color:47bfb8d893] [color=brown:47bfb8d893]extra context menu item[/color:47bfb8d893]: e&xport to microsoft excel - res://[color=teal:47bfb8d893]c:\progra~1\micros~2\office10\[/color:47bfb8d893][color=blue:47bfb8d893]excel.exe[/color:47bfb8d893]/3000 [color=silver:47bfb8d893]o8 -[/color:47bfb8d893] [color=brown:47bfb8d893]extra context menu item[/color:47bfb8d893]: google sidewiki... - res://[color=teal:47bfb8d893]c:\program files\google\google toolbar\component\[/color:47bfb8d893][color=blue:47bfb8d893]googletoolbardynamic_mui_en_7461b1589e8b4fb7.dll[/color:47bfb8d893]/cmsidewiki.html [color=silver:47bfb8d893]o9 -[/color:47bfb8d893] [color=brown:47bfb8d893]extra button[/color:47bfb8d893]: skype add-on for internet explorer - [color=orange:47bfb8d893]{898ea8c8-e7ff-479b-8935-aec46303b9e5}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\program files\skype\toolbars\internet explorer\[/color:47bfb8d893][color=blue:47bfb8d893]skypeieplugin.dll[/color:47bfb8d893] [color=silver:47bfb8d893]o9 -[/color:47bfb8d893] [color=brown:47bfb8d893]extra 'tools' menuitem[/color:47bfb8d893]: skype add-on for internet explorer - [color=orange:47bfb8d893]{898ea8c8-e7ff-479b-8935-aec46303b9e5}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\program files\skype\toolbars\internet explorer\[/color:47bfb8d893][color=blue:47bfb8d893]skypeieplugin.dll[/color:47bfb8d893] [color=silver:47bfb8d893]o9 -[/color:47bfb8d893] [color=brown:47bfb8d893]extra button[/color:47bfb8d893]: (no name) - [color=orange:47bfb8d893]{e2e2dd38-d088-4134-82b7-f2ba38496583}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\windows\network diagnostic\[/color:47bfb8d893][color=blue:47bfb8d893]xpnetdiag.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o9 -[/color:47bfb8d893] [color=brown:47bfb8d893]extra 'tools' menuitem[/color:47bfb8d893]: @xpsp3res.dll,-20001 - [color=orange:47bfb8d893]{e2e2dd38-d088-4134-82b7-f2ba38496583}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\windows\network diagnostic\[/color:47bfb8d893][color=blue:47bfb8d893]xpnetdiag.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o9 -[/color:47bfb8d893] [color=brown:47bfb8d893]extra button[/color:47bfb8d893]: messenger - [color=orange:47bfb8d893]{fb5f1910-f110-11d2-bb9e-00c04f795683}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\program files\messenger\[/color:47bfb8d893][color=blue:47bfb8d893]msmsgs.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o9 -[/color:47bfb8d893] [color=brown:47bfb8d893]extra 'tools' menuitem[/color:47bfb8d893]: windows messenger - [color=orange:47bfb8d893]{fb5f1910-f110-11d2-bb9e-00c04f795683}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\program files\messenger\[/color:47bfb8d893][color=blue:47bfb8d893]msmsgs.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o14 -[/color:47bfb8d893] [color=brown:47bfb8d893]iereset.inf[/color:47bfb8d893]: start_page_url=[u:47bfb8d893][noparse]http://ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=nl_nl&c=64&bd=pavilion&pf=laptop[/noparse][/u:47bfb8d893] [color=silver:47bfb8d893]o16 -[/color:47bfb8d893] [color=brown:47bfb8d893]dpf[/color:47bfb8d893]: [color=orange:47bfb8d893]{17492023-c23a-453e-a040-c7c580bbf700}[/color:47bfb8d893] (windows genuine advantage validation tool) - [u:47bfb8d893][noparse]http://go.microsoft.com/fwlink/?linkid=39204[/noparse][/u:47bfb8d893] [color=silver:47bfb8d893]o16 -[/color:47bfb8d893] [color=brown:47bfb8d893]dpf[/color:47bfb8d893]: [color=orange:47bfb8d893]{4f1e5b1a-2a80-42ca-8532-2d05cb959537}[/color:47bfb8d893] (msn photo upload tool) - [u:47bfb8d893][noparse]http://gfx1.hotmail.com/mail/w3/pr01/resources/msnpupld.cab[/noparse][/u:47bfb8d893] [color=silver:47bfb8d893]o16 -[/color:47bfb8d893] [color=brown:47bfb8d893]dpf[/color:47bfb8d893]: [color=orange:47bfb8d893]{7530bfb8-7293-4d34-9923-61a11451afc5}[/color:47bfb8d893] (onlinescanner control) - [u:47bfb8d893][noparse]http://download.eset.com/special/eos-beta/onlinescanner.cab[/noparse][/u:47bfb8d893] [color=silver:47bfb8d893]o16 -[/color:47bfb8d893] [color=brown:47bfb8d893]dpf[/color:47bfb8d893]: [color=orange:47bfb8d893]{d27cdb6e-ae6d-11cf-96b8-444553540000}[/color:47bfb8d893] (shockwave flash object) - [u:47bfb8d893][noparse]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/noparse][/u:47bfb8d893] [color=silver:47bfb8d893]o16 -[/color:47bfb8d893] [color=brown:47bfb8d893]dpf[/color:47bfb8d893]: [color=orange:47bfb8d893]{e2883e8f-472f-4fb0-9522-ac9bf37916a7}[/color:47bfb8d893] - [u:47bfb8d893][noparse]http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab[/noparse][/u:47bfb8d893] [color=silver:47bfb8d893]o16 -[/color:47bfb8d893] [color=brown:47bfb8d893]dpf[/color:47bfb8d893]: [color=orange:47bfb8d893]{e77f23eb-e7ab-4502-8f37-247dbaf1a147}[/color:47bfb8d893] (windows live hotmail photo upload tool) - [u:47bfb8d893][noparse]http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/msnpupld.cab[/noparse][/u:47bfb8d893] [color=silver:47bfb8d893]o18 -[/color:47bfb8d893] [color=brown:47bfb8d893]protocol[/color:47bfb8d893]: skype-ie-addon-data - [color=orange:47bfb8d893]{91774881-d725-4e58-b298-07617b9b86a8}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\program files\skype\toolbars\internet explorer\[/color:47bfb8d893][color=blue:47bfb8d893]skypeieplugin.dll[/color:47bfb8d893] [color=silver:47bfb8d893]o18 -[/color:47bfb8d893] [color=brown:47bfb8d893]protocol[/color:47bfb8d893]: skype4com - [color=orange:47bfb8d893]{ffc8b962-9b40-4dff-9458-1830c7dd7f5d}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\progra~1\common~1\skype\[/color:47bfb8d893][color=blue:47bfb8d893]skype4~1.dll[/color:47bfb8d893] [color=silver:47bfb8d893]o22 -[/color:47bfb8d893] [color=brown:47bfb8d893]sharedtaskscheduler[/color:47bfb8d893]: preloader van browseui - [color=orange:47bfb8d893]{438755c2-a8ba-11d1-b96b-00a0c90312e1}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]browseui.dll[/color:47bfb8d893] [color=silver:47bfb8d893]o22 -[/color:47bfb8d893] [color=brown:47bfb8d893]sharedtaskscheduler[/color:47bfb8d893]: cache-daemon voor onderdeelcategorieën - [color=orange:47bfb8d893]{8c7461ef-2b13-11d2-be35-3078302c2030}[/color:47bfb8d893] - [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]browseui.dll[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: arcsoft connect daemon (acdaemon) - arcsoft inc. - [color=teal:47bfb8d893]c:\program files\common files\arcsoft\connection service\bin\[/color:47bfb8d893][color=blue:47bfb8d893]acservice.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: addfiltr - hewlett-packard development company, l.p. - [color=teal:47bfb8d893]c:\program files\hewlett-packard\hp quick launch buttons\[/color:47bfb8d893][color=blue:47bfb8d893]addfiltr.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: google updateservice (gupdate) (gupdate) - google inc. - [color=teal:47bfb8d893]c:\program files\google\update\[/color:47bfb8d893][color=blue:47bfb8d893]googleupdate.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: google update-service (gupdatem) (gupdatem) - google inc. - [color=teal:47bfb8d893]c:\program files\google\update\[/color:47bfb8d893][color=blue:47bfb8d893]googleupdate.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: hpqwmiex - hewlett-packard development company, l.p. - [color=teal:47bfb8d893]c:\program files\hewlett-packard\shared\[/color:47bfb8d893][color=blue:47bfb8d893]hpqwmiex.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: installdriver table manager (idrivert) - macrovision corporation - [color=teal:47bfb8d893]c:\program files\common files\installshield\driver\1050\intel 32\[/color:47bfb8d893][color=blue:47bfb8d893]idrivert.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: java quick starter (javaquickstarterservice) - sun microsystems, inc. - [color=teal:47bfb8d893]c:\program files\java\jre6\bin\[/color:47bfb8d893][color=blue:47bfb8d893]jqs.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - [color=teal:47bfb8d893]c:\program files\common files\lightscribe\[/color:47bfb8d893][color=blue:47bfb8d893]lssrvc.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: nvidia display driver service (nvsvc) - nvidia corporation - [color=teal:47bfb8d893]c:\windows\system32\[/color:47bfb8d893][color=blue:47bfb8d893]nvsvc32.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: panda software controller - panda security, s.l. - [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]psctrls.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: panda function service (pavfnsvr) - unknown owner - [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]pavfnsvr.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: panda process protection service (pavprsrv) - unknown owner - [color=teal:47bfb8d893]c:\program files\common files\panda security\pavshld\[/color:47bfb8d893][color=blue:47bfb8d893]pavprsrv.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: panda on-access anti-malware service (pavsrv) - panda security, s.l. - [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]pavsrvx86.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: panda host service (pshost) - unknown owner - [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\firewall\[/color:47bfb8d893][color=blue:47bfb8d893]pshost.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: panda imanager service (psimsvc) - panda security s.l. - [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]psimsvc.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: panda psk service (psksvcretail) - panda security, s.l. - [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]psksvc.exe[/color:47bfb8d893] [color=silver:47bfb8d893]o23 -[/color:47bfb8d893] [color=brown:47bfb8d893]service[/color:47bfb8d893]: panda tpsrv (tpsrv) - panda security, s.l. - [color=teal:47bfb8d893]c:\program files\panda security\panda global protection 2012\[/color:47bfb8d893][color=blue:47bfb8d893]tpsrv.exe[/color:47bfb8d893] -- end of file - 11517 bytes [/hjt] Alvast dank!

anoniem · 30 september 2011

Hallo Abraham54, gedaan. Beide stonden op automatisch opstarten. Terwijl die in het configuratiescherm op GLobalPanda12 staan. Betekend dit dat de Firewall van Windows toch aan stond terwijl ik ook GlobalPanda12 firewall had? Backdoor? Heb geen idee... Groetjes Holly

anoniem · 30 september 2011

Een backdoor - achterdeur steelt jouw identiteitsgegevens en geeft deze door aan internetcriminelen. Beoogd doel: het uitruimen van jouw bankrekening! Kijk ook in C:\ of daar een map genaamd "Windows.old" aanwezig is.

anoniem · 30 september 2011

:o omg! Krijg er een beetje buikpijn van eerlijk gezegd, :cry: dat is schrikken! Geluk bij een ongeluk is dat ze weinig te ruimen hebben op mijn bankrekening...en zonder jouw zou het dus voor mij een verloren zaak zijn in deze. Ik zou ook maar al te graag willen weten hoe ik aan die Backdoor kom, wie t is/zijn, en ook hoe ik eraf kom! Heeft dan iemand controle over al mijn gegevens dan ook? ai, echt niet leuk! Heb geen map Windows.old gevonden. Dit ook nog met de zoekresultaten gedaan op de hele computer, maar niet gevonden van Windows.old. Is dat een goed teken of een slecht teken? Kan ik die backdoor deleten? Of zit die nu in de quarantaine van TDSSrootkiller of moet ik rebooten? Groetjes Holly

anoniem · 30 september 2011

Je mag nu het volgende gaan doen: [color=#FF0000:ee111a8e8f][b:ee111a8e8f]Stap •1•[/b:ee111a8e8f][/color:ee111a8e8f] [b:ee111a8e8f]Welk programma[/b:ee111a8e8f]: Malwarebytes MBAM [b:ee111a8e8f]Waarvoor/waarom[/b:ee111a8e8f]: specialistische scanner om Windows snel te onderzoeken op- en te ontdoen van spy- & malware. [b:ee111a8e8f]Moeilijkheidsgraad[/b:ee111a8e8f]: geen. [b:ee111a8e8f]Download Malwarebytes MBAM via één van deze locaties[/b:ee111a8e8f]: [list:ee111a8e8f][*:ee111a8e8f][url=http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?][b:ee111a8e8f]Download.com[/b:ee111a8e8f][/url] [*:ee111a8e8f][url=http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s][b:ee111a8e8f]Softpedia.com[/b:ee111a8e8f][/url][*:ee111a8e8f][url=http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html][b:ee111a8e8f]Majorgeeks.com[/b:ee111a8e8f][/url][/list:u:ee111a8e8f] [b:ee111a8e8f]Allereerst[/b:ee111a8e8f]:[list:ee111a8e8f][*:ee111a8e8f] Al meteen na de installatie wil 'MBAM' zijn database opwaarderen – toestaan dus. [*:ee111a8e8f] Ook bij herhaald gebruik: eerst 'MBAM' updaten via de tab 'Update'! [/list:u:ee111a8e8f] [b:ee111a8e8f]Malwarebytes MBAM opstarten[/b:ee111a8e8f]: Windows 2000 en Windows XP: start MBAM middels dubbelklik op de snelkoppeling. Windows Vista en Windows 7: start MBAM middels rechtsklik op de snelkoppeling en dan kiezen voor Als Administrator uitvoeren. [list:ee111a8e8f][*:ee111a8e8f][b:ee111a8e8f]Let op:[/b:ee111a8e8f] [list:ee111a8e8f][*:ee111a8e8f]Malwarebytes verstrekt nu de volledige versie van MBAM. [*:ee111a8e8f]Bij de eerstse start kijg je de mogelijkheid de volledige versie te gebruiken of de gratis versie. [*:ee111a8e8f]Onafhankelijk van welke antivirusprogramma in jouw Windows adviseer ik dan de optie "Weigeren" te gebruiken. [*:ee111a8e8f]Zodoende zal MBAM als gratis versie verder te gebruiken zijn[/list:u:ee111a8e8f][/list:u:ee111a8e8f] [img:ee111a8e8f]http://img30.imageshack.us/img30/3928/mbam2.png[/img:ee111a8e8f] [list:ee111a8e8f][*:ee111a8e8f][b:ee111a8e8f]Doe ook nog het volgende:[/b:ee111a8e8f] [list:ee111a8e8f][*:ee111a8e8f]Zodra het programma gestart is, ga dan naar het tabblad "[b:ee111a8e8f]Instellingen[/b:ee111a8e8f]". [*:ee111a8e8f]Vink hier aan: "[b:ee111a8e8f]Sluit Internet Explorer tijdens verwijdering van malware[/b:ee111a8e8f]".[/list:u:ee111a8e8f][/list:u:ee111a8e8f] [b:ee111a8e8f]Scannen[/b:ee111a8e8f]: [list:ee111a8e8f][*:ee111a8e8f] Bij het starten van 'MBAM' kies je voor 'Snelle Scan'. [*:ee111a8e8f]Het scannen kan een tijdje duren, dus wees geduldig. Indien de scan voltooid is, klik dan op de knop 'OK'. [*:ee111a8e8f]Klik daarna op de knop 'Bekijk Resultaten' om de resultaten te zien.[/list:u:ee111a8e8f] [b:ee111a8e8f]Infecties gevonden[/b:ee111a8e8f]: [list:ee111a8e8f][*:ee111a8e8f]Klik nu eerst op OK om de melding weg te klikken [*:ee111a8e8f]Klik vervolgens rechtsonder op de knop Bekijk resultaten. [*:ee111a8e8f]Zorg er nu voor dat alle gevonden infecties aangevinkt zijn, en klik linksonder op Verwijder geselecteerde. [*:ee111a8e8f]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. [*:ee111a8e8f]Indien 'MBAM' moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op 'OK' klikken! [*:ee111a8e8f]Daarna zal 'MBAM' vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:ee111a8e8f] [b:ee111a8e8f]MBAM-Log[/b:ee111a8e8f]: [list:ee111a8e8f][*:ee111a8e8f] Het log wordt automatisch bewaard door 'MBAM en dat kan je terugvinden door in het hoofdmenu van MBAM op de tab 'Logbestanden' te klikken'.[/list:u:ee111a8e8f] [b:ee111a8e8f]Post aansluitend in je volgende bericht de inhoud van het MBAM-log.[/b:ee111a8e8f] [color=#FF0000:ee111a8e8f][b:ee111a8e8f]Stap •2•[/b:ee111a8e8f][/color:ee111a8e8f] [b:ee111a8e8f]Welk programma[/b:ee111a8e8f]: ComboFix [b:ee111a8e8f]Waarvoor/waarom[/b:ee111a8e8f]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en zo mogelijk op te schonen. [b:ee111a8e8f]Moeilijkheidsgraad[/b:ee111a8e8f]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:ee111a8e8f]Downloadlokatie[/b:ee111a8e8f]: Dit programma absoluut naar het bureaublad downloaden! [b:ee111a8e8f]Download ComboFix via één van deze locaties[/b:ee111a8e8f]: [list:ee111a8e8f][*:ee111a8e8f][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:ee111a8e8f]Bleepingcomputer[/b:ee111a8e8f][/url] [*:ee111a8e8f][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:ee111a8e8f]ForoSpyware[/b:ee111a8e8f][/url] [*:ee111a8e8f][url=http://subs.geekstogo.com/ComboFix.exe][b:ee111a8e8f]Geekstogo[/b:ee111a8e8f][/url][/list:u:ee111a8e8f] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:ee111a8e8f]Hier[/b:ee111a8e8f][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn! [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:ee111a8e8f]Hier[/b:ee111a8e8f][/url] en [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b:ee111a8e8f]hier[/b:ee111a8e8f][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:ee111a8e8f]Voor alle duidelijkheid nogmaals[/b:ee111a8e8f]: ComboFix dient vanaf het bureaublad gestart te worden. [b:ee111a8e8f]Opmerkingen[/b:ee111a8e8f]: [list:ee111a8e8f][*:ee111a8e8f] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:ee111a8e8f]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten. [*:ee111a8e8f]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:ee111a8e8f] [b:ee111a8e8f]ComboFix is opgestart[/b:ee111a8e8f]: [list:ee111a8e8f][*:ee111a8e8f]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:ee111a8e8f]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:ee111a8e8f]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:ee111a8e8f]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:ee111a8e8f]Post de inhoud van dit logbestand in je volgende bericht. [*:ee111a8e8f]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:ee111a8e8f] [b:ee111a8e8f]Belangrijke opmerking[/b:ee111a8e8f]: [list:ee111a8e8f][*:ee111a8e8f][b:ee111a8e8f][color=Red:ee111a8e8f]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:ee111a8e8f][/b:ee111a8e8f] [*:ee111a8e8f][b:ee111a8e8f][color=blue:ee111a8e8f]Illegal operation attempted on a registery key that has been marked for deletion.[/color:ee111a8e8f][/b:ee111a8e8f] [*:ee111a8e8f][b:ee111a8e8f][color=Red:ee111a8e8f]Start dan de computer opnieuw op.[/color:ee111a8e8f][/b:ee111a8e8f][/list:u:ee111a8e8f] [color=#FF0000:ee111a8e8f][b:ee111a8e8f]Stap •3•[/b:ee111a8e8f][/color:ee111a8e8f] [b:ee111a8e8f]Samenvattend: hierna post je in jouw volgende bericht de inhoud van het volgende logs:[/b:ee111a8e8f] [list:ee111a8e8f][*:ee111a8e8f] MBAM-scanlog [*:ee111a8e8f] ComboFix-scanlog[/list:u:ee111a8e8f]

anoniem · 30 september 2011

Hallo Abraham54, had niet goed gelezen, dacht dat ik juist evaluatie moest ipv weigeren, omdat ik internet had afgesloten omdat er stond alles afsluiten alvorens te installeren... Via software MBAM gepoogd te verwijderen en andere mappen ook, daarna opnieuw opgestart. Lukte niet om opnieuw het pop-upschermpje te krijgen. Dus activatie wel kunnen deactiveren. het log van MBAM alvorens ik met Combofix verder ga. Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Databaseversie: 7834 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 30-9-2011 16:47:03 mbam-log-2011-09-30 (16-47-03).txt Scantype: Snelle scan Objecten gescand: 182204 Verstreken tijd: 6 minuut/minuten, 2 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Combofix wilde wederom niet in de gewone modus, dus in Save modus gedaan. ComboFix 11-09-30.04 - Pt3z 30-09-2011 17:29:21.2.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1983.1731 [GMT 2:00] Gestart vanuit: c:\documents and settings\Pt3z\Mijn documenten\Downloads\ComboFix.exe AV: Panda Global Protection 2012 *Disabled/Updated* {8BF935E7-731F-4115-B7A5-789FF5087595} FW: Panda Personal Firewall 2012 *Disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Pt3z\Local Settings\Application Data\ApplicationHistory c:\documents and settings\Pt3z\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse . ---- Voorgaande Run ------- . c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL168.tmp.161eca5c.ini c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL54C.tmp.ab25b70d.ini c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL68.tmp.a9d7b36b.ini c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL8A.tmp.b70bad12.ini c:\documents and settings\Pt3z\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini c:\documents and settings\Pt3z\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini c:\documents and settings\Pt3z\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini c:\documents and settings\Pt3z\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini c:\documents and settings\Pt3z\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini c:\documents and settings\Pt3z\Local Settings\Application Data\ApplicationHistory\SL168.tmp.161eca5c.ini c:\documents and settings\Pt3z\Local Settings\Application Data\ApplicationHistory\SL54C.tmp.ab25b70d.ini c:\documents and settings\Pt3z\Local Settings\Application Data\ApplicationHistory\SL68.tmp.a9d7b36b.ini c:\documents and settings\Pt3z\Local Settings\Application Data\ApplicationHistory\SL8A.tmp.b70bad12.ini c:\windows\kb913800.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))) . . 2011-09-30 14:29 . 2011-09-30 14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-30 14:29 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-30 13:01 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys 2011-09-30 13:01 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2011-09-30 13:01 . 2010-07-12 18:36 126448 ------w- c:\windows\system32\pxinsi64.exe 2011-09-30 13:01 . 2010-07-12 18:36 123888 ------w- c:\windows\system32\pxcpyi64.exe 2011-09-30 13:01 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll 2011-09-30 12:59 . 2011-09-30 13:01 -------- d-----w- c:\program files\Common Files\DivX Shared 2011-09-30 12:57 . 2011-09-30 13:02 -------- d-----w- c:\program files\DivX 2011-09-30 12:56 . 2011-09-30 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2011-09-30 12:06 . 2011-09-30 12:06 -------- d-----w- c:\program files\Microsoft Silverlight 2011-09-30 02:46 . 2011-09-30 11:35 -------- d-----w- C:\TDSSKiller_Quarantine 2011-09-30 02:41 . 2011-09-30 02:41 -------- d-----w- c:\program files\ESET 2011-09-30 00:49 . 2011-09-30 00:49 -------- d-----w- c:\program files\Microsoft.NET 2011-09-30 00:39 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll 2011-09-29 23:24 . 2011-09-29 23:24 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-09-29 22:34 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2011-09-29 22:34 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-09-29 22:33 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys 2011-09-29 22:33 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-09-29 22:32 . 2010-08-23 16:13 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-09-29 22:32 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys 2011-09-29 22:32 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys 2011-09-29 22:29 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-09-29 22:08 . 2011-09-30 00:39 -------- d-----w- c:\windows\system32\XPSViewer 2011-09-29 22:08 . 2011-09-29 22:08 -------- d-----w- c:\program files\MSBuild 2011-09-29 22:08 . 2011-09-29 22:08 -------- d-----w- c:\program files\Reference Assemblies 2011-09-29 22:08 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2011-09-29 21:51 . 2011-09-29 22:08 -------- d-----w- C:\47313fa2c659f0e8e86b66adcf2193f5 2011-09-29 21:51 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2011-09-29 21:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2011-09-29 21:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2011-09-29 21:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2011-09-29 21:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2011-09-29 21:51 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2011-09-29 21:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2011-09-29 21:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2011-09-29 18:31 . 2011-09-29 18:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-09-29 18:30 . 2011-09-29 18:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-09-29 18:15 . 2011-09-29 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-09-29 15:08 . 2011-09-29 15:08 -------- d-----w- c:\windows\system32\CatRoot_bak 2011-09-29 15:06 . 2011-09-29 15:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-09-29 15:05 . 2008-04-14 17:02 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2011-09-29 15:04 . 2011-09-29 15:04 -------- d-----w- c:\windows\system32\drivers\UMDF 2011-09-29 12:59 . 2011-09-29 12:59 -------- d-----w- c:\windows\l2schemas 2011-09-29 12:59 . 2011-09-29 12:59 -------- d-----w- c:\windows\system32\nl 2011-09-29 12:59 . 2011-09-29 12:59 -------- d-----w- c:\windows\system32\bits 2011-09-29 12:50 . 2011-09-29 12:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-09-29 12:47 . 2011-06-23 18:31 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll 2011-09-29 12:47 . 2011-06-23 18:31 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll 2011-09-29 12:47 . 2011-06-23 18:31 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2011-09-29 12:47 . 2011-06-23 18:31 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll 2011-09-29 12:47 . 2011-06-23 18:31 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2011-09-29 12:47 . 2011-06-23 18:31 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2011-09-29 12:47 . 2011-06-23 18:31 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll 2011-09-29 12:47 . 2011-09-30 00:53 -------- d-----w- c:\windows\system32\nl-NL 2011-09-29 12:47 . 2011-09-29 12:47 -------- dc-h--w- c:\windows\ie8 2011-09-29 12:36 . 2008-04-14 17:03 32768 ------w- c:\windows\system32\setupn.exe 2011-09-29 12:32 . 2011-09-30 14:26 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys 2011-09-29 12:28 . 2011-09-30 15:37 255440 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT 2011-09-29 12:28 . 2010-09-09 14:23 193864 ----a-w- c:\windows\system32\drivers\idsflt.sys 2011-09-29 12:28 . 2009-09-25 12:54 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys 2011-09-29 12:28 . 2009-09-25 12:54 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys 2011-09-29 12:28 . 2011-01-31 14:41 83528 ----a-w- c:\windows\system32\drivers\APPFLT.SYS 2011-09-29 12:28 . 2009-09-25 12:54 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS 2011-09-29 12:28 . 2009-09-25 12:54 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys 2011-09-29 12:28 . 2011-09-29 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup 2011-09-29 12:27 . 2011-09-29 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security 2011-09-29 12:26 . 2011-09-29 12:26 -------- d-----w- c:\program files\Common Files\Panda Security 2011-09-29 12:26 . 2011-02-21 12:38 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys 2011-09-29 12:26 . 2010-05-06 15:11 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys 2011-09-29 12:19 . 2011-09-29 15:04 -------- d-----w- c:\windows\system32\LogFiles 2011-09-29 12:04 . 2011-09-29 12:57 -------- d-----w- c:\windows\ServicePackFiles 2011-09-29 12:02 . 2011-09-29 12:02 -------- d-----w- c:\program files\MSXML 4.0 2011-09-29 11:55 . 2011-02-17 13:18 357888 ------w- c:\windows\system32\dllcache\srv.sys 2011-09-29 11:55 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2011-09-29 11:55 . 2010-08-27 08:03 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-09-29 11:55 . 2009-10-15 16:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-09-29 11:55 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-09-29 11:55 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-09-29 11:53 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys 2011-09-29 11:53 . 2008-05-01 14:37 331776 ------w- c:\windows\system32\dllcache\msadce.dll 2011-09-29 11:53 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2011-09-29 11:50 . 2009-06-10 07:22 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll 2011-09-29 11:49 . 2008-10-15 16:37 337408 ------w- c:\windows\system32\dllcache\netapi32.dll 2011-09-29 11:49 . 2010-06-14 07:43 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll 2011-09-29 11:45 . 2010-07-16 11:58 221184 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-09-29 11:43 . 2011-09-29 11:43 -------- d--h--w- c:\windows\PIF 2011-09-29 11:38 . 2011-09-29 11:38 -------- d-----w- c:\program files\Common Files\Adobe 2011-09-29 11:34 . 2011-09-29 11:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-29 11:30 . 2011-09-29 12:17 -------- d-----w- c:\program files\Windows Desktop Search 2011-09-29 11:30 . 2011-09-29 11:30 -------- d-----w- c:\windows\system32\GroupPolicy 2011-09-29 11:28 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll 2011-09-29 11:28 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll 2011-09-29 11:28 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll 2011-09-29 11:23 . 2011-09-29 13:25 -------- d-----w- c:\documents and settings\Pt3z 2011-09-29 11:22 . 2011-09-29 17:19 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec 2011-09-29 11:22 . 2007-02-27 12:04 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe 2011-09-29 11:07 . 2011-09-29 11:16 -------- d-----w- c:\program files\Firefox Mozilla 2011-09-29 10:55 . 2011-09-29 10:56 -------- d-----w- c:\program files\NetWaiting 2011-09-29 10:41 . 2011-09-29 10:40 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-09-29 10:41 . 2011-09-29 10:40 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-09-29 10:33 . 2011-09-29 10:33 -------- d-----w- c:\windows\Hewlett-Packard 2011-09-09 09:12 . 2011-09-09 09:12 602624 ------w- c:\windows\system32\dllcache\crypt32.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-09 09:12 . 2006-04-11 11:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll 2011-07-15 13:29 . 2005-01-19 19:26 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2006-04-11 11:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-09-30 13:31 . 2011-09-29 11:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-02-04 204288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-29 7577600] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-29 86016] "nwiz"="nwiz.exe" [2006-06-29 1519616] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-11 102400] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840] "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960] "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE" [2011-04-13 1000768] "SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2012\Inicio.exe" [2011-02-02 70464] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] 2010-03-24 10:55 55552 ----a-w- c:\windows\system32\avldr.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [29-9-2011 14:28 26696] R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [29-9-2011 14:28 83528] R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [29-9-2011 14:28 53256] R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [29-9-2011 14:28 22024] R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [29-9-2011 14:28 193864] R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [29-9-2011 14:28 159112] R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [29-9-2011 14:26 37448] R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [29-9-2011 14:28 46856] R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [29-9-2011 14:27 59080] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30-9-2011 16:29 366152] R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [29-9-2011 14:26 163848] R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2012\psksvc.exe [29-9-2011 14:28 28992] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30-9-2011 16:29 22216] R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [29-9-2011 14:27 201032] R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?] S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [29-9-2011 14:32 13880] S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] . Inhoud van de 'Gedeelde Taken' map . 2011-09-29 c:\windows\Tasks\Basis-opruiming.job - c:\program files\Panda Security\Panda Global Protection 2012\PlaTasks.exe [2011-09-29 12:23] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop IE: &Google Zoeken - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Woord vertalen in het Nederlands - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Gelijkwaardige pagina's - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Koppelingspagina's - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Opgeslagen momentopname van de pagina - c:\program files\Google\GoogleToolbar1.dll/cmcache.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Pt3z\Application Data\Mozilla\Firefox\Profiles\7osei76j.default\ FF - prefs.js: browser.startup.homepage - hxxp://forum.computertotaal.nl/phpBB2/index.php|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1317303412&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1043&id=64855&mkt=nl-NL&cbcxt=mai&snsc=1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-09-30 17:36 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????K??????Y?@?????<?@ . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1496) c:\windows\system32\avldr.dll . - - - - - - - > 'explorer.exe'(2624) c:\program files\Panda Security\Panda Global Protection 2012\PavTrc.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Panda Security\Panda Global Protection 2012\TPSrv.exe c:\program files\PANDA SECURITY\PANDA GLOBAL PROTECTION 2012\WebProxy.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\program files\Panda Security\Panda Global Protection 2012\PsCtrls.exe c:\program files\Panda Security\Panda Global Protection 2012\PavFnSvr.exe c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe c:\program files\panda security\panda global protection 2012\firewall\PSHOST.EXE c:\program files\Panda Security\Panda Global Protection 2012\PsImSvc.exe c:\program files\Panda Security\Panda Global Protection 2012\pavsrvx86.exe c:\program files\Panda Security\Panda Global Protection 2012\AVENGINE.EXE c:\windows\system32\SearchIndexer.exe c:\windows\system32\wscntfy.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\dllhost.exe c:\windows\eHome\ehmsas.exe c:\windows\system32\RUNDLL32.EXE c:\program files\HP\Digital Imaging\bin\hpqimzone.exe . ************************************************************************** . Voltooingstijd: 2011-09-30 17:41:06 - machine werd herstart ComboFix-quarantined-files.txt 2011-09-30 15:41 . Pre-Run: 87.088.103.424 bytes beschikbaar Post-Run: 84.982.480.896 bytes beschikbaar . - - End Of File - - F31520EF28C59F2604FDFC1AA1F490E4 GlobalPanda12 had ik gedeaktiveerd alvorens te starten met Combofix, toch kwam die telkens weer actief op de een of andere manier! Alles had ik uitgezet, ook de auto updates, kwam dat Pandahoofdje toch ineens weer in beeld...>? Ook heeft Combofix de zgn. 'recoveryconsole' eerst gedownload en geinstalleerd alvorens verder te gaan. Groetjes Holly

anoniem · 1 oktober 2011

Vertel: hoe draait jouw Windows nu? Je mag het volgende nu doen: Download [url=http://jpshortstuff.247fixes.com/SystemLook.exe[/b][/url] en plaats het bestand op het [b:f54b1ea141]Bureaublad[/b:f54b1ea141]. [b:f54b1ea141]SystemLook.exe opstarten[/b:f54b1ea141]: [list:f54b1ea141][*:f54b1ea141] Windows 2000 en Windows XP: start SystemLook.exe middels dubbelklik op de snelkoppeling. [*:f54b1ea141] Windows Vista en Windows 7: start SystemLook.exe middels rechtsklik op de snelkoppeling en dan kiezen voor "Als Administrator uitvoeren".[/list:u:f54b1ea141] In het venster dat opent kopieer je onderstaande code: [code:1:f54b1ea141][b]:filefind mhndrv.sys[/b] [/code:1:f54b1ea141] [list:f54b1ea141][*:f54b1ea141]Klik op de knop "[b:f54b1ea141]Look[/b:f54b1ea141]" om de scan te activeren. [*:f54b1ea141]Als de scan klaar is opent een tekstbestand ([b:f54b1ea141]SystemLook.txt[/b:f54b1ea141]). [*:f54b1ea141]Post de inhoud van in dit logbestand.[/list:u:f54b1ea141]

anoniem · 1 oktober 2011

Hallo Abraham54, de GlobalPanda12 wordt volgens mij continue aangevallen. Telkens is die weg ineens. Dan haal ik hem via configuratie en beveiliging tevoorschijn en is alles rood: geen firewall, geen auto updates, geen antivirus en geen identiteitsbescherming. Na een paar keer klikken op oplossen wordt alles wel weer groen, dan bijwerken en scannen, dan vind ie telkens 2-5 stuks spyware of besmettingen. Soms ineens ook twee Pandaberen rechtsonder bij de actieve programma's naast de blauwe balk en zo is die ook weer weg... Ik vertrouw het dus nog niet helemaal daarom. Wel heb ik op die kwetsbaarheden gelet, er zijn er inmiddels in no-time 573!!! Maar de MS-10&MS-11-nummers zijn verminderd: MS-10-046 (Virus of bedreiging die er gebruik van maakt: ChymineLNK.A) MS-10-47/48/49/53/54/61/63/66/67/69/71/73/76/81/83/84/90/96/97/98 MS-11-002/3/6/7/11/12/13/14 nu 1 okt 2011 12 stuks nog van deze nummers! MS-10-048/53/54/76/69/71/73/90/98 MS-11-003/7/12 Het log van Look: SystemLook 30.07.11 by jpshortstuff Log created at 13:14 on 01/10/2011 by Holly Administrator - Elevation successful ========== filefind ========== Searching for "mhndrv.sys" C:\WINDOWS\system32\drivers\mhndrv.sys --a---- 11008 bytes [16:45 10/08/2004] [16:45 10/08/2004] 7F2F1D2815A6449D346FCCCBC569FBD6 -= EOF =- Groetjes Holly

anoniem · 1 oktober 2011

Doe het volgende: [b:279f593062][url=http://swandog46.geekstogo.com/avenger2/download.php]Download The Avenger naar je bureaublad[/url][/b:279f593062] • Unzip op je bureaublad het gedownloade bestand. • [b:279f593062]Avenger opstarten[/b:279f593062]: • Windows 2000 en Windows XP: start Avenger middels dubbelklik op het tool. • Windows Vista en Windows 7: start Avenger middels rechtsklik op het tool en dan kiezen voor "Als Administrator uitvoeren". • Haal het vinkje weg bij "Scan voor rootkits". • Kopieer nu de vetgedrukte regels • Plak deze nu in het venster "Input Script here": [b:279f593062]Files to delete: C:\WINDOWS\system32\drivers\mhndrv.sys [/b:279f593062] • Klik vervolgens op de knop "Execute". • Avenger zal aangeven dat de computer gaat herstarten, dus sta dit toe. • Na herstarten opent een logfile - avenger.txt -. • Post aansluitend de inhoud van deze logfile.[/quote] [b:279f593062][color=Red:279f593062]Opgelet: Bovenstaande code werd enkel gemaakt voor deze computer/gebruiker/situatie. Indien deze code op een andere computer wordt gebruikt kan dit tot totale uitval van die computer leiden![/color:279f593062][/b:279f593062]

anoniem · 1 oktober 2011

Hallo Abraham54, hier het log: ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows XP (build 2600, Service Pack 3) Sat Oct 01 14:38:57 2011 14:38:57: Error: Invalid script. A valid script must begin with a command directive. Aborting execution! ////////////////////////////////////////// Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File "C:\WINDOWS\system32\drivers\mhndrv.sys" deleted successfully. Completed script processing. ******************* Finished! Terminate. Groetjes Holly

anoniem · 1 oktober 2011

Wil je voor de zekerheid nogmaals Systemlook uitvoeren op dezelfde wijze?

anoniem · 1 oktober 2011

Hallo Abraham54, hierbij nogmaals Look met het nieuwe log ervan: SystemLook 30.07.11 by jpshortstuff Log created at 15:25 on 01/10/2011 by Pt3z Administrator - Elevation successful ========== filefind ========== Searching for "mhndrv.sys" No files found. -= EOF =- Groetjes Holly

anoniem · 1 oktober 2011

ik kon het niet laten om ook nog even met de TDSS_kaspersky te scannen, 1 threat gevonden die in quarantaine is gegaan:Die is van Iastor wederom, van Intel, dus die was niet gevaarlijk toch? herstelt het zichzelf uit de quarantaine? Of is dat niet erg meer? Groetjes Holly

anoniem · 1 oktober 2011

Ga naar http://downloadcenter.intel.com/ en klik daar op de knop [b:fa6cfc2090]Run Intel Driver Update Utility[/b:fa6cfc2090]. Ongetwijfeld zijn er updates voor jouw notebook - download en installeer die ook. Daarna wel eerst je notebook opnieuw opstarten.

anoniem · 1 oktober 2011

Hallo Abraham54, In eerste instantie is de validatie okay, maar dan krijg ik een foutmelding daarbij. Ik begrijp niet goed hoe ik de onderstaande aangegeven stappen moet uitvoeren. Server Error in '/iDUU' Application. Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. Source Error: The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL: 1. Add a "Debug=true" directive at the top of the file that generated the error. Example: <%@ Page Language="C#" Debug="true" %> or: 2) Add the following section to the configuration file of your application: <configuration> <system.web> <compilation debug="true"/> </system.web> </configuration> Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode. Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario. Stack Trace: [ViewStateException: Invalid viewstate. Client IP: 10.114.94.204 Port: 26804 Referer: http://intel-drv-ws.systemrequirementslab.com/iduu/iduu_multiple/intro.aspx?app=multi&lang=eng Path: /iduu/iduu.aspx User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 ViewState: /wEPDwUKMTI5Mjg2ODA0MA9kFgICAw9kFgYCCw8WAh4HVmlzaWJsZWhkAg0PFgIfAGcWAgIBD2QWAgIVD2QWAmYPFgIeCWlubmVyaHRtbAWLAjxvYmplY3Qgc3R5bGU9InZpc2liaWxpdHk6IGhpZGRlbiIgaWQ9IlN5c1JlcUxhYiIgdHlwZT0iYXBwbGljYXRpb24veC1qYXZhLWFwcGxldCIgYXJjaGl2ZT0iaHR0cDovL2NvbnRlbnQuc3lzdGVtcmVxdWlyZW1lbnRzbGFiLmNvbS5zMy5hbWF6b25hd3MuY29tL2dsb2JhbC9iaW4vc3JsZGV0ZWN0X2ludGVsXzQuNC4yNC4wLmphciIgaGVpZ2h0PSIwIiB3aWR0aD0iMCI+PHBhcmFtIG5hbWU9ImNvZGUiIHZhbHVlPSJTUkxBcHBsZXQuY2xhc3MiIC8+IDwvb2JqZWN0PmQCEQ9kFgICBw8WAh4EVGV4dAXFATxhIGhyZWY9Imh0dHA6Ly9jb250ZW50LnN5c3RlbXJlcXVpcmVtZW50c2xhYi5jb20uczMuYW1hem9uYXdzLmNvbS9nbG9iYWwvYmluL2ludGVsX3NybGRldGVjdF80LjQuMjQuMC5tc2kiPkRvd25sb2FkIHRoZSBBY3RpdmVYKi9KYXZhKiBpbnN0YWxsZXI8L2E+IHRvIGluc3RhbGwgdGhlIEFjdGl2ZVgvSmF2YSBjb21wb25lbnQgbWFudWFsbH...] [HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.] System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError) +198 System.Web.UI.ViewStateException.ThrowMacValidationError(Exception inner, String persistedState) +14 System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) +274 System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) +4 System.Web.UI.Util.DeserializeWithAssert(IStateFormatter formatter, String serializedState) +37 System.Web.UI.HiddenFieldPageStatePersister.Load() +241 System.Web.UI.Page.LoadPageStateFromPersistenceMedium() +106 System.Web.UI.Page.LoadAllState() +43 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +8431 System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +253 System.Web.UI.Page.ProcessRequest() +78 System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21 System.Web.UI.Page.ProcessRequest(HttpContext context) +49 ASP.iduu_aspx.ProcessRequest(HttpContext context) +4 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75 Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.225 Is dit allemaal door XP met de updates? Of door het virus of wat ik ook op de pc had, die de boel door elkaar gooit of beschadigd heeft? Groetjes Holly

anoniem · 1 oktober 2011

Was nog aan het zoeken hoe het zat, nog een poging gedaan, nu zonder foutmelding: Product Detected NVIDIA GeForce Go 6150 Current Driver Installed 8.4.9.8 This device is unknown or unsupported. Please contact the manufacturer for possible updates. More information>> Intel Chipset Software Installation Utility (Chipset INF) Product Detected Current Version Installed This device is unknown or unsupported. Please contact the manufacturer for possible updates. More information>> Audio Driver for Intel Desktop Board Product Detected Conexant High Definition Audio Current Driver Installed 3.23.0.0 This device is unknown or unsupported. Please contact the manufacturer for possible updates. More information>> Wireless Networking (WiFi) Product Detected Broadcom 802.11b/g WLAN Current Driver Installed 4.40.19.0 This device is unknown or unsupported. Please contact the manufacturer for possible updates. More information>> Wired Networking Product Detected {1a3e09be-1e45-494b-9174-d7385b45bbf5}\NVNET_DEV0269 Current Driver Installed This device is unknown or unsupported. Please contact the manufacturer for possible updates. More information>> Groetjes Holly

anoniem · 1 oktober 2011

Je schrijft "In eerste instantie is de validatie okay". Validatie waarvan?

anoniem · 1 oktober 2011

Toen ik op start scannen klikte kreeg ik een schermpje waarin mijn pc volgens de pop-up werd gevalideerd en dat kreeg een 'validation ok' melding er stond niet bij waarvan, gewoon de computer neem ik aan dan...het ging in een blink, heel snel...

anoniem · 1 oktober 2011

"Toen ik op start scannen klikte kreeg ik een schermpje waarin mijn pc volgens de pop-up werd gevalideerd en dat kreeg een 'validation ok' melding er stond niet bij waarvan, gewoon de computer neem ik aan dan...het ging in een blink, heel snel...". Ik weet één ding, dan ben je niet op de Intel site geweest, waar dan wel weet joost misschien wel?

anoniem · 1 oktober 2011

Ik heb op de link van Intel geklikt in je post... :( ik heb mijn mob met camera erbij, maar het was te snel voor ik het kon vastleggen. ...? Ik ga ervanuit dat als ik op de link klik dat ik op de goede site kom...dat neem ik klakkeloos aan, maar word ik dan ge-redirect ergens naartoe? Kan ik dat controleren? deze staat in de History: http://www.intel.com/p/en_US/support/detect

anoniem · 1 oktober 2011

en in de historie van de downloads zijn de laatste items die ik heb gedownload Systemlook en Avenger. Waar kan ik misschien nog meer acties van de pc checken?

Toolbar moet weg, opstarten gaat niet goed, Panda weg soms

Vraag

Link naar reactie

Beste reacties voor deze vraag

Populaire dagen

Beste reacties voor deze vraag

Populaire dagen

132 antwoorden op deze vraag

Aanbevolen berichten

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Om een reactie te plaatsen, moet je eerst inloggen

Populaire leden

Leden

Recente topics