
[SOLVED] Cannot open Local Disk C


casper


:s Every time I try to open Local Disk C on my laptop (double-click), I get the message that Windows cannot find the file RECYCLER/ followed by a series of numbers + com. What can I do about that? I should mention that for a few days I could not shut the laptop down the normal way via START, so I resorted to drastic measures: everything off via the power button and then a restart. Not a good move, I think. I also cannot run System Restore to move the laptop back to another date. I think it hangs because of an infection by a virus or worm;

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:27:46, on 30/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\BurnAware Professional\nmsaccessu.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Belgacom\bin\sprtsvc.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm

O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: McAfee Application Installer Cleanup (0114421233256532) (0114421233256532mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\0114421233256532mcinst.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Professional\nmsaccessu.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--

End of file - 8319 bytes

I am hereby providing a log file from Hijack


Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


As soon as I had read your wise advice, I carried out the steps as you described and then sent along a log text. It was touch and go with my antivirus program: I had turned it off, but the real-time protection stayed on and blocked many of the steps that ComboFix carried out, but I allowed them all and it worked. Once again, many thanks for the help.

ComboFix 09-01-21.04 - Eigenaar 2009-01-30 23:02:07.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.476 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Eigenaar\Mijn documenten\ComboFix.exe

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)

* Nieuw herstelpunt werd aangemaakt

* Resident AV is active

.

- VERMINDERDE FUNCTIONALITEIT MODUS -

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\program files\Mozilla Firefox\components\iamfamous.dll

c:\windows\msvrc20.dll

c:\windows\system32\404Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-12-28 to 2009-01-30 ))))))))))))))))))))))))))))))

.

2009-01-30 22:39 . 2009-01-30 22:41 <DIR> d-------- c:\program files\JetAudio

2009-01-30 22:39 . 2009-01-30 22:40 <DIR> d-------- c:\program files\Common Files\COWON

2009-01-30 22:39 . 2009-01-30 22:39 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\InstallShield

2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\windows\LastGood

2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\program files\Common Files\McAfee

2009-01-30 20:30 . 2009-01-30 20:31 <DIR> d-------- c:\program files\McAfee

2009-01-30 19:54 . 2008-07-15 11:48 208,896 --a------ c:\windows\system32\ConTest.dll

2009-01-30 19:54 . 2008-05-29 10:37 20,480 --a------ c:\windows\system32\SysRestore.dll

2009-01-30 17:12 . 2009-01-30 20:27 75,264 --a------ c:\windows\system32\drivers\gaopdxserv.sys

2009-01-29 23:04 . 2009-01-30 21:37 <DIR> dr-h----- c:\documents and settings\Eigenaar\Onlangs geopend

2009-01-29 22:16 . 2009-01-30 15:38 4 --a------ c:\windows\system32\gaopdxcounter

2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Malwarebytes

2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-23 20:41 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-23 20:41 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-23 20:36 . 2009-01-23 20:36 <DIR> d-------- c:\program files\Trend Micro

2009-01-23 19:02 . 2009-01-23 19:02 <DIR> d-------- c:\program files\InCode Solutions

2009-01-17 16:13 . 2009-01-17 16:13 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\GlarySoft

2009-01-17 13:51 . 2009-01-18 19:21 <DIR> d-------- c:\program files\a-squared Anti-Malware

2009-01-16 22:44 . 2009-01-16 23:14 <DIR> d-------- c:\program files\MSECACHE

2009-01-16 21:58 . 2009-01-16 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools

2009-01-15 21:34 . 2009-01-30 22:42 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\COWON

2009-01-14 20:36 . 2009-01-14 20:36 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-13 20:50 . 2009-01-16 23:01 <DIR> d-------- c:\program files\OpenOffice.org 3

2009-01-13 20:06 . 2009-01-16 23:01 <DIR> d-------- c:\program files\K-Lite Codec Pack

2009-01-12 22:34 . 2009-01-12 22:34 <DIR> d-------- c:\program files\IObit

2009-01-11 17:24 . 2009-01-11 17:24 <DIR> d-------- c:\program files\Common Files\Java

2009-01-10 23:07 . 2009-01-10 23:07 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Uniblue

2009-01-10 10:42 . 2009-01-30 21:03 <DIR> d-------- c:\program files\WinAVI Video Converter

2009-01-09 22:31 . 2009-01-09 22:31 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\OpenOffice.org

2009-01-09 22:28 . 2009-01-09 22:28 <DIR> d-------- c:\program files\readmes

2009-01-09 22:28 . 2009-01-09 22:28 <DIR> d-------- c:\program files\licenses

2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\dBpoweramp

2009-01-07 21:53 . 2009-01-11 17:26 <DIR> d-------- c:\program files\AC3Filter

2008-12-29 08:54 . 2008-12-29 08:54 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Bitdefender

2008-12-29 08:53 . 2009-01-11 17:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender

2008-12-27 23:53 . 2008-12-27 23:53 603,904 --a------ c:\windows\system32\TUProgSt.exe

2008-12-27 23:53 . 2008-12-27 23:53 362,240 --a------ c:\windows\system32\TuneUpDefragService.exe

2008-12-27 23:53 . 2008-11-12 16:44 27,904 --a------ c:\windows\system32\uxtuneup.dll

2008-12-27 19:54 . 2008-12-27 19:54 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\TuneUp Software

2008-12-27 19:54 . 2008-12-27 19:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software

2008-12-27 19:54 . 2008-12-27 23:52 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2008-12-27 17:59 . 2008-12-27 18:01 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Smart PC Solutions

2008-12-26 23:00 . 2009-01-30 20:23 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft

2008-12-26 22:14 . 2008-12-26 22:23 23 --a------ c:\windows\DownloadStudio.INI

2008-12-26 21:51 . 2008-12-26 21:53 33 --a------ c:\windows\DownloadStudioScheduleMonitor.INI

2008-12-26 21:24 . 2009-01-16 23:00 <DIR> d-------- c:\program files\ffdshow

2008-12-21 21:34 . 2008-12-21 21:34 22,104 --a------ c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT

2008-12-19 11:01 . 2008-12-19 11:01 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Pegasys Inc

2008-12-18 22:43 . 2008-12-18 22:43 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Desktopicon

2008-12-17 22:50 . 2008-12-17 22:50 34 --ah----- c:\windows\system32\Converter_sysquict.dat

2008-12-17 21:45 . 2002-06-17 20:36 482,816 --a------ c:\windows\system32\VFCodec.dll

2008-12-17 21:18 . 2003-02-22 01:26 7,168 --a------ c:\windows\system\temp.000

2008-12-17 21:18 . 2003-02-22 01:25 5,120 --a------ c:\windows\system\temp.002

2008-12-17 21:18 . 2003-02-22 01:25 5,120 --a------ c:\windows\system\temp.001

2008-12-14 22:23 . 2008-12-14 22:23 <DIR> d-------- c:\documents and settings\Eigenaar\.divx

2008-12-14 22:20 . 2008-12-14 22:20 <DIR> d-------- c:\documents and settings\Eigenaar\.drdivx2

2008-12-11 10:56 . 2009-01-11 17:17 <DIR> d-------- c:\windows\SxsCaPendDel

2008-12-07 20:40 . 2003-02-22 01:26 7,168 --a------ c:\windows\system\vdremote.dll

2008-12-07 20:40 . 2003-02-22 01:25 5,120 --a------ c:\windows\system\vdsvrlnk.dll

2008-12-05 22:16 . 2008-12-05 22:40 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Any Video Converter

2008-12-05 17:00 . 2008-12-05 17:00 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\NCH Swift Sound

2008-12-05 17:00 . 2008-12-05 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound

2008-12-05 17:00 . 2008-12-05 19:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software

2008-12-05 16:59 . 2008-12-05 19:40 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\NCH Software

2008-12-04 22:50 . 2008-12-04 22:50 <DIR> d-------- c:\program files\CDisplay

2008-12-03 09:11 . 2009-01-14 20:36 410,984 --a------ c:\windows\system32\deploytk.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-30 22:00 81,984 -c--a-w c:\windows\system32\bdod.bin

2009-01-30 21:55 --------- d-----w c:\documents and settings\Eigenaar\Application Data\uTorrent

2009-01-30 21:39 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-30 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee

2009-01-23 20:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-01-17 12:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-11 17:36 77,824 ----a-w c:\windows\system32\xcomm.dll

2009-01-11 16:25 --------- d-----w c:\program files\Creative

2009-01-11 16:25 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore

2009-01-10 21:51 --------- d-----w c:\program files\Java

2008-12-21 16:12 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-12-21 16:12 249,856 ------w c:\windows\Setup1.exe

2008-12-20 21:48 --------- d-----w c:\program files\DivX

2008-12-19 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-11-24 20:07 5,068,152 ----a-w c:\windows\system32\SpoonUninstall.exe

2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe

2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-11-21 21:45 823,296 ----a-w c:\windows\system32\divx_xx0c.dll

2008-11-21 21:45 823,296 ----a-w c:\windows\system32\divx_xx07.dll

2008-11-21 21:45 815,104 ----a-w c:\windows\system32\divx_xx0a.dll

2008-11-21 21:45 802,816 ----a-w c:\windows\system32\divx_xx11.dll

2008-11-21 21:45 684,032 ----a-w c:\windows\system32\DivX.dll

2008-11-21 21:45 57,344 ----a-w c:\windows\system32\dpv11.dll

2008-11-21 21:45 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

2008-11-21 21:45 344,064 ----a-w c:\windows\system32\dpus11.dll

2008-11-21 21:45 294,912 ----a-w c:\windows\system32\dpu11.dll

2008-11-21 21:45 294,912 ----a-w c:\windows\system32\dpu10.dll

2008-11-21 21:44 161,096 -c--a-w c:\windows\system32\DivXCodecVersionChecker.exe

2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 -c--a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 -c--a-w c:\windows\system32\wups.dll

2008-10-03 10:05 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-07-29 13:54 87,608 -c--a-w c:\documents and settings\Eigenaar\Application Data\inst.exe

2008-07-29 13:54 47,360 -c--a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys

2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008092920081006\index.dat

2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008102120081022\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-07 160592]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2009-01-11 61440]

"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-01-11 360448]

"SMSERIAL"="sm56hlpr.exe" [2006-01-20 c:\windows\sm56hlpr.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ :\windows\SYSTEM32\srrstr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]

R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-30 203280]

R4 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]

R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-27 603904]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?]

S4 0017661233343878mcinstcleanup;McAfee Application Installer Cleanup (0017661233343878);c:\docume~1\Eigenaar\LOCALS~1\Temp\0017661233343878mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Eigenaar\LOCALS~1\Temp\0017661233343878mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service [?]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - AFFBBE87

*NewlyCreated* - MCAFEE_SITEADVISOR_SERVICE

*Deregistered* - affbbe87

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5432a3-e505-11dc-944b-806d6172696f}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-6-6-62-100002160-100016978-100015098-3284.com c:\

\Shell\Open\command - c:\recycler\S-6-6-62-100002160-100016978-100015098-3284.com c:\

.

Inhoud van de 'Gedeelde Taken' map

2009-01-16 c:\windows\Tasks\WinASORegistryOptimizerForEigenaar.job

- c:\program files\WinASO\Registry Optimizer\RegOpt.exe []

.

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Visit in &3D using ExitReality - ExitReality

Trusted Zone: cheggit.net

Trusted Zone: puretna.com

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-30 23:02:32

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]

"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]

"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys]

"imagepath"="\systemroot\system32\drivers\gaopdxituwydlt.sys"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys]

@DACL=(02 0000)

"start"=dword:00000001

"type"=dword:00000001

"imagepath"=expand:"\\systemroot\\system32\\drivers\\gaopdxituwydlt.sys"

"group"="file system"

"userdata"=dword:00000002

.

Voltooingstijd: 2009-01-30 23:05:48

ComboFix-quarantined-files.txt 2009-01-30 22:05:45

Pre-Run: 92.442.005.504 bytes beschikbaar

Post-Run: 92,443,549,696 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

253 --- E O F --- 2009-01-29 19:32:50


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\ConTest.dll

c:\windows\system32\SysRestore.dll

c:\windows\system32\drivers\gaopdxserv.sys

Folder::

c:\windows\system32\gaopdxcounter

Driver::

gaopdxserv.sys

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5432a3-e505-11dc-944b-806d6172696f}]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.


I have a serious problem now: when I try to start Combofix, Bitdefender blocks it at every prompt, and I do not want to run any risk of serious damage to the laptop and want to do it another way. I checked which file is infected and found the file named genius.exe (Belgacom) and from the I-Talk settings. My question now is: do I first remove all the programs, or only the file?


It is normal for various scanners to react to the presence of parts of Combofix. But if you want to solve the core of your problem, you will have to bite the bullet and either ignore Bitdefender's alerts or (temporarily) disable Bitdefender. That is of course your choice. If you want to or can solve it another way ... fine by me.

By the way, I am convinced that removing that one file will not provide a solution. The crux lies in this infected driver gaopdxserv.sys and in a part that Combofix has to clean up in your registry.


ComboFix 09-01-31.03 - Eigenaar 2009-02-01 16:07:09.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.456 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Eigenaar\Mijn documenten\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)

* Nieuw herstelpunt werd aangemaakt

* Resident AV is active

FILE ::

c:\windows\system32\ConTest.dll

c:\windows\system32\drivers\gaopdxserv.sys

c:\windows\system32\SysRestore.dll

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

c:\documents and settings\Eigenaar\Application Data\inst.exe

c:\windows\system32\ConTest.dll

c:\windows\system32\drivers\gaopdxdotgoyer.sys

c:\windows\system32\drivers\gaopdxyoulvypq.sys

c:\windows\system32\gaopdxcounter\

c:\windows\system32\regm64.dll

c:\windows\system32\SysRestore.dll

c:\windows\system32\xcomm.dll

.

---- Voorgaande Run -------

.

C:\Autorun.inf

c:\documents and settings\Eigenaar\Application Data\inst.exe

c:\windows\system32\drivers\gaopdxserv.sys

c:\windows\system32\regm64.dll

c:\windows\system32\xcomm.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Legacy_NPF

-------\Service_gaopdxserv.sys

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-01 to 2009-02-01 ))))))))))))))))))))))))))))))

.

2009-01-31 21:48 . 2005-03-09 19:10 89,088 --a------ c:\windows\system32\atl71.dll

2009-01-31 21:02 . 2009-02-01 16:01 <DIR> dr-h----- c:\documents and settings\Eigenaar\Onlangs geopend

2009-01-31 20:59 . 2009-01-31 20:59 <DIR> d-------- c:\program files\CCleaner

2009-01-31 20:37 . 2009-01-31 20:37 <DIR> d-------- c:\program files\Windows Defender

2009-01-31 20:15 . 2009-01-31 20:15 <DIR> d-------- c:\program files\FormatFactory

2009-01-31 19:44 . 2000-08-31 08:00 29,696 --a------ c:\windows\NIRCMD(2).exe

2009-01-31 19:11 . 2009-01-31 19:46 <DIR> d--hs---- C:\RECYCLER(3)

2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\program files\Common Files\McAfee

2009-01-30 20:30 . 2009-01-31 21:53 <DIR> d-------- c:\program files\McAfee

2009-01-29 22:16 . 2009-01-31 19:41 4 --a------ c:\windows\system32\gaopdxcounter

2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Malwarebytes

2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-23 20:36 . 2009-01-23 20:36 <DIR> d-------- c:\program files\Trend Micro

2009-01-23 19:02 . 2009-01-23 19:02 <DIR> d-------- c:\program files\InCode Solutions

2009-01-17 16:13 . 2009-01-17 16:13 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\GlarySoft

2009-01-17 13:51 . 2009-01-18 19:21 <DIR> d-------- c:\program files\a-squared Anti-Malware

2009-01-16 22:44 . 2009-01-16 23:14 <DIR> d-------- c:\program files\MSECACHE

2009-01-16 21:58 . 2009-01-16 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools

2009-01-15 21:34 . 2009-01-31 20:31 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\COWON

2009-01-14 20:36 . 2009-01-14 20:36 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-13 20:50 . 2009-01-16 23:01 <DIR> d-------- c:\program files\OpenOffice.org 3

2009-01-13 20:06 . 2009-01-16 23:01 <DIR> d-------- c:\program files\K-Lite Codec Pack

2009-01-11 17:24 . 2009-01-11 17:24 <DIR> d-------- c:\program files\Common Files\Java

2009-01-10 23:07 . 2009-01-10 23:07 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Uniblue

2009-01-10 10:42 . 2009-01-31 19:11 <DIR> d-------- c:\program files\WinAVI Video Converter

2009-01-09 22:31 . 2009-01-09 22:31 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\OpenOffice.org

2009-01-09 22:28 . 2009-01-09 22:28 <DIR> d-------- c:\program files\readmes

2009-01-09 22:28 . 2009-01-09 22:28 <DIR> d-------- c:\program files\licenses

2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\dBpoweramp

2009-01-07 21:53 . 2009-01-11 17:26 <DIR> d-------- c:\program files\AC3Filter

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-31 22:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\uTorrent

2009-01-31 21:14 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-31 21:08 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore

2009-01-30 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee

2009-01-23 20:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-01-17 12:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-16 22:00 --------- d-----w c:\program files\ffdshow

2009-01-11 16:34 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender

2009-01-11 16:25 --------- d-----w c:\program files\Creative

2009-01-10 21:51 --------- d-----w c:\program files\Java

2008-12-29 07:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Bitdefender

2008-12-27 22:52 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2008-12-27 18:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\TuneUp Software

2008-12-27 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software

2008-12-27 17:01 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Smart PC Solutions

2008-12-21 20:34 22,104 ----a-w c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT

2008-12-21 16:12 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-12-21 16:12 249,856 ------w c:\windows\Setup1.exe

2008-12-20 21:48 --------- d-----w c:\program files\DivX

2008-12-19 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-12-19 10:01 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Pegasys Inc

2008-12-18 21:43 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Desktopicon

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-05 21:40 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Any Video Converter

2008-12-05 18:40 --------- d-----w c:\documents and settings\Eigenaar\Application Data\NCH Software

2008-12-05 18:40 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software

2008-12-05 16:00 --------- d-----w c:\documents and settings\Eigenaar\Application Data\NCH Swift Sound

2008-12-05 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound

2008-12-04 21:50 --------- d-----w c:\program files\CDisplay

2008-07-29 13:54 47,360 -c--a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys

2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008092920081006\index.dat

2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008102120081022\index.dat

.

((((((((((((((((((((((((((((( snapshot@2009-01-30_23.04.42,51 )))))))))))))))))))))))))))))))))))))))))

.

- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe

+ 2000-08-31 07:00:00 286,720 ----a-w c:\windows\SWREG.exe

- 2009-01-30 22:00:17 81,984 -c--a-w c:\windows\system32\bdod.bin

+ 2009-02-01 15:09:12 81,984 -c--a-w c:\windows\system32\bdod.bin

- 2009-01-16 20:14:07 130,096 -c--a-w c:\windows\system32\FNTCACHE.DAT

+ 2009-01-31 10:26:42 130,096 -c--a-w c:\windows\system32\FNTCACHE.DAT

- 2003-03-18 19:14:52 499,712 ----a-w c:\windows\system32\msvcp71.dll

+ 2005-03-09 18:10:10 503,808 ----a-w c:\windows\system32\msvcp71.dll

- 2003-02-21 03:42:22 348,160 ----a-w c:\windows\system32\msvcr71.dll

+ 2005-03-09 18:10:10 348,160 ----a-w c:\windows\system32\msvcr71.dll

- 2009-01-16 22:02:43 10,180,008 ----a-w c:\windows\system32\Restore\rstrlog.dat

+ 2009-01-31 18:47:12 2,218,660 ----a-w c:\windows\system32\Restore\rstrlog.dat

+ 2009-02-01 15:11:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-07 160592]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2009-01-11 61440]

"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-01-11 360448]

"SMSERIAL"="sm56hlpr.exe" [2006-01-20 c:\windows\sm56hlpr.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-30 203280]

R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-27 603904]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

2009-02-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-01-16 c:\windows\Tasks\WinASORegistryOptimizerForEigenaar.job

- c:\program files\WinASO\Registry Optimizer\RegOpt.exe []

.

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Visit in &3D using ExitReality - ExitReality

Trusted Zone: cheggit.net

Trusted Zone: puretna.com

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\h010fwvn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Van Dale Woordenboek

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\h010fwvn.default\extensions\{b7f907ee-0a1b-43b8-a611-b429a184ad6b}\components\FFAlert.dll

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

pref(dom.disable_open_during_load, true);.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-01 16:11:58

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]

"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]

"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\CTSVCCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\o2flash.exe

c:\windows\system32\MsPMSPSv.exe

c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

.

**************************************************************************

.

Voltooingstijd: 2009-02-01 16:17:21 - machine werd herstart [Eigenaar]

ComboFix-quarantined-files.txt 2009-02-01 15:17:18

ComboFix2.txt 2009-01-30 22:05:50

Pre-Run: 90,889,330,688 bytes beschikbaar

Post-Run: 90,883,391,488 bytes beschikbaar

229 --- E O F --- 2009-01-29 19:32:50

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:22:30, on 1/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Belgacom\bin\sprtsvc.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\SYSTEM32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Visit in &3D using ExitReality - ExitReality

O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--

End of file - 7843 bytes

I took the steps you gave me first!

Above you can see the log files from Combofix and HijackThis.

Hopefully this has solved the problem!

Now I do have the problem that I can no longer open my BitDefender. What is the best thing to do? Remove the program from my computer and reinstall it?

Thanks in advance

Mario



Trusted Zone: cheggit.net

Trusted Zone: puretna.com

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\h010fwvn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Van Dale Woordenboek

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\h010fwvn.default\extensions\{b7f907ee-0a1b-43b8-a611-b429a184ad6b}\components\FFAlert.dll

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

pref(dom.disable_open_during_load, true);.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-01 16:11:58

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]

"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]

"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\CTSVCCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\o2flash.exe

c:\windows\system32\MsPMSPSv.exe

c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

.

**************************************************************************

.

Voltooingstijd: 2009-02-01 16:17:21 - machine werd herstart [Eigenaar]

ComboFix-quarantined-files.txt 2009-02-01 15:17:18

ComboFix2.txt 2009-01-30 22:05:50

Pre-Run: 90,889,330,688 bytes beschikbaar

Post-Run: 90,883,391,488 bytes beschikbaar

229 --- E O F --- 2009-01-29 19:32:50

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:22:30, on 1/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Belgacom\bin\sprtsvc.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\SYSTEM32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Visit in &3D using ExitReality - ExitReality

O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--

End of file - 7843 bytes

Above you will find the log files from ComboFix and HijackThis!

As you advised me.

Hopefully the problem is now solved!

I do now have the problem that I cannot open my Bitdefender. I keep getting an error message! What is the best thing to do now?

Remove Bitdefender from my computer and reinstall it? Or do something else?

Thanks in advance!

Mario


Uninstall ComboFix: Start -> Run and type: combofix /u

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left column, click "Cleaner". Click 'Analyze' and then 'Clean'. Next, click "Registry" in the left column and click "Scan for problems". If errors are found, click "Fix selected problems" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix all selected errors". After that, close CCleaner again.

It is advisable to delete the existing restore points (some of them are infected, and you might end up restoring one) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Click Apply and OK. Restart the PC and remove the tick again.

And you will indeed have to get Bitdefender working again by uninstalling and reinstalling it (yet it is not disabled anywhere, unless perhaps by the infection).


ComboFix 09-01-31.03 - Eigenaar 2009-02-01 19:57:15.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.535 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Eigenaar\Mijn documenten\ComboFix.exe

gebruikte Opdracht switches :: / u

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-01 to 2009-02-01 ))))))))))))))))))))))))))))))

.

2009-01-31 21:48 . 2005-03-09 19:10 89,088 --a------ c:\windows\system32\atl71.dll

2009-01-31 21:02 . 2009-02-01 17:51 <DIR> dr-h----- c:\documents and settings\Eigenaar\Onlangs geopend

2009-01-31 20:59 . 2009-01-31 20:59 <DIR> d-------- c:\program files\CCleaner

2009-01-31 20:37 . 2009-01-31 20:37 <DIR> d-------- c:\program files\Windows Defender

2009-01-31 20:15 . 2009-01-31 20:15 <DIR> d-------- c:\program files\FormatFactory

2009-01-31 19:44 . 2000-08-31 08:00 29,696 --a------ c:\windows\NIRCMD(2).exe

2009-01-31 19:11 . 2009-01-31 19:46 <DIR> d--hs---- C:\RECYCLER(3)

2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\program files\Common Files\McAfee

2009-01-30 20:30 . 2009-01-31 21:53 <DIR> d-------- c:\program files\McAfee

2009-01-29 22:16 . 2009-01-31 19:41 4 --a------ c:\windows\system32\gaopdxcounter

2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Malwarebytes

2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-23 20:36 . 2009-01-23 20:36 <DIR> d-------- c:\program files\Trend Micro

2009-01-23 19:02 . 2009-01-23 19:02 <DIR> d-------- c:\program files\InCode Solutions

2009-01-17 16:13 . 2009-01-17 16:13 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\GlarySoft

2009-01-17 13:51 . 2009-01-18 19:21 <DIR> d-------- c:\program files\a-squared Anti-Malware

2009-01-16 22:44 . 2009-01-16 23:14 <DIR> d-------- c:\program files\MSECACHE

2009-01-16 21:58 . 2009-01-16 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools

2009-01-15 21:34 . 2009-01-31 20:31 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\COWON

2009-01-14 20:36 . 2009-01-14 20:36 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-13 20:50 . 2009-01-16 23:01 <DIR> d-------- c:\program files\OpenOffice.org 3

2009-01-13 20:06 . 2009-01-16 23:01 <DIR> d-------- c:\program files\K-Lite Codec Pack

2009-01-11 17:24 . 2009-01-11 17:24 <DIR> d-------- c:\program files\Common Files\Java

2009-01-10 23:07 . 2009-01-10 23:07 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Uniblue

2009-01-10 10:42 . 2009-01-31 19:11 <DIR> d-------- c:\program files\WinAVI Video Converter

2009-01-09 22:31 . 2009-01-09 22:31 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\OpenOffice.org

2009-01-09 22:28 . 2009-01-09 22:28 <DIR> d-------- c:\program files\readmes

2009-01-09 22:28 . 2009-01-09 22:28 <DIR> d-------- c:\program files\licenses

2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\dBpoweramp

2009-01-07 21:53 . 2009-01-11 17:26 <DIR> d-------- c:\program files\AC3Filter

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-01 15:42 --------- d-----w c:\program files\Common Files\BitDefender

2009-02-01 15:09 81,984 -c--a-w c:\windows\system32\bdod.bin

2009-01-31 22:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\uTorrent

2009-01-31 21:14 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-31 21:08 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore

2009-01-30 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee

2009-01-23 20:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-01-17 12:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-16 22:00 --------- d-----w c:\program files\ffdshow

2009-01-14 19:36 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-01-11 16:25 --------- d-----w c:\program files\Creative

2009-01-10 21:51 --------- d-----w c:\program files\Java

2008-12-27 22:53 603,904 ----a-w c:\windows\system32\TUProgSt.exe

2008-12-27 22:53 362,240 ----a-w c:\windows\system32\TuneUpDefragService.exe

2008-12-27 22:52 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2008-12-27 18:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\TuneUp Software

2008-12-27 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software

2008-12-27 17:01 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Smart PC Solutions

2008-12-21 20:34 22,104 ----a-w c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT

2008-12-21 16:12 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-12-21 16:12 249,856 ------w c:\windows\Setup1.exe

2008-12-20 21:48 --------- d-----w c:\program files\DivX

2008-12-19 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-12-19 10:01 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Pegasys Inc

2008-12-18 21:43 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Desktopicon

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-05 21:40 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Any Video Converter

2008-12-05 18:40 --------- d-----w c:\documents and settings\Eigenaar\Application Data\NCH Software

2008-12-05 18:40 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software

2008-12-05 16:00 --------- d-----w c:\documents and settings\Eigenaar\Application Data\NCH Swift Sound

2008-12-05 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound

2008-12-04 21:50 --------- d-----w c:\program files\CDisplay

2008-11-24 20:07 5,068,152 ----a-w c:\windows\system32\SpoonUninstall.exe

2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe

2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-11-21 21:45 823,296 ----a-w c:\windows\system32\divx_xx0c.dll

2008-11-21 21:45 823,296 ----a-w c:\windows\system32\divx_xx07.dll

2008-11-21 21:45 815,104 ----a-w c:\windows\system32\divx_xx0a.dll

2008-11-21 21:45 802,816 ----a-w c:\windows\system32\divx_xx11.dll

2008-11-21 21:45 684,032 ----a-w c:\windows\system32\DivX.dll

2008-11-21 21:45 57,344 ----a-w c:\windows\system32\dpv11.dll

2008-11-21 21:45 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

2008-11-21 21:45 344,064 ----a-w c:\windows\system32\dpus11.dll

2008-11-21 21:45 294,912 ----a-w c:\windows\system32\dpu11.dll

2008-11-21 21:45 294,912 ----a-w c:\windows\system32\dpu10.dll

2008-11-21 21:44 161,096 -c--a-w c:\windows\system32\DivXCodecVersionChecker.exe

2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-11-12 15:44 27,904 ----a-w c:\windows\system32\uxtuneup.dll

2008-07-29 13:54 47,360 -c--a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys

2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008092920081006\index.dat

2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008102120081022\index.dat

.

((((((((((((((((((((((((((((( snapshot@2009-01-30_23.04.42,51 )))))))))))))))))))))))))))))))))))))))))

.

- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe

+ 2000-08-31 07:00:00 286,720 ----a-w c:\windows\SWREG.exe

- 2009-01-16 20:14:07 130,096 -c--a-w c:\windows\system32\FNTCACHE.DAT

+ 2009-01-31 10:26:42 130,096 -c--a-w c:\windows\system32\FNTCACHE.DAT

- 2003-03-18 19:14:52 499,712 ----a-w c:\windows\system32\msvcp71.dll

+ 2005-03-09 18:10:10 503,808 ----a-w c:\windows\system32\msvcp71.dll

- 2003-02-21 03:42:22 348,160 ----a-w c:\windows\system32\msvcr71.dll

+ 2005-03-09 18:10:10 348,160 ----a-w c:\windows\system32\msvcr71.dll

- 2009-01-16 22:02:43 10,180,008 ----a-w c:\windows\system32\Restore\rstrlog.dat

+ 2009-01-31 18:47:12 2,218,660 ----a-w c:\windows\system32\Restore\rstrlog.dat

+ 2009-02-01 15:44:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_264.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-07 160592]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"SMSERIAL"="sm56hlpr.exe" [2006-01-20 c:\windows\sm56hlpr.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-30 203280]

R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-27 603904]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

2009-02-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-01-16 c:\windows\Tasks\WinASORegistryOptimizerForEigenaar.job

- c:\program files\WinASO\Registry Optimizer\RegOpt.exe []

.

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Visit in &3D using ExitReality - ExitReality

Trusted Zone: cheggit.net

Trusted Zone: puretna.com

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\h010fwvn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Van Dale Woordenboek

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\h010fwvn.default\extensions\{b7f907ee-0a1b-43b8-a611-b429a184ad6b}\components\FFAlert.dll

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

pref(dom.disable_open_during_load, true);.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-01 19:59:16

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1420)

c:\windows\SYSTEM32\igfxdev.dll

.

Voltooingstijd: 2009-02-01 20:01:44

ComboFix-quarantined-files.txt 2009-02-01 19:01:21

ComboFix2.txt 2009-02-01 15:17:23

ComboFix3.txt 2009-01-30 22:05:50

Pre-Run: 90.597.486.592 bytes beschikbaar

Post-Run: 90,584,289,280 bytes beschikbaar

203 --- E O F --- 2009-01-29 19:32:50

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:28:46, on 1/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Belgacom\bin\sprtsvc.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Visit in &3D using ExitReality - ExitReality

O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--

End of file - 6986 bytes

I have attached a log from Combofix and HijackThis for further evaluation. That was quite a bitter pill, but we have to get through it, as you said. I did the following: I ran Combofix via START > Run, typed it in and clicked OK, but instead of uninstalling it began to start up and reported that Bitdefender was active. That cannot be right, because it had been removed from the computer. With Bitdefender removed, the problem with Local Disk was resolved: I could open it again and no longer got an error message. I turned System Restore off and back on, and created a restore point. Wouldn't it be best for me to switch to a different antivirus program so that I don't end up in situations like this one again? Because even while Bitdefender is disabled, it is still active in real-time protection and blocks every action. In any case, THANK YOU for the time and support with my problem. As a layman I did my best (I think). Regards, Mario
