[OPGELOST] Computer start traag op en afsluiten is ook traag

**Mikel** · 20 april 2009 16:27

M'n computer start sinds enige tijd traag op en ik heb er reeds verschillende registercanners en diskcleaners op losgelaten maar er is geen noemenswaardige verbetering. Nu heb ik HijackThis geinstaleert en een scan genomen.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:36, on 20/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\TweakRAM\TweakRAM.exe
H:\GiveAwayOfTheDay\History Explorer\HistoryExplorer.Service.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Sunbird\sunbird.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Rocket Division Software\StarWind Lite\StarWindServiceLite.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Web Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [Wireless LAN Card Utilities] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: sunbird.exe.lnk = C:\Program Files\Mozilla Sunbird\sunbird.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Sign In
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by12fd.bay12.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178228126671
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/DDD%20Pool/Images/armhelper.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://www.chat-united.com/controls/msnchat45.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: History Explorer Service - Exendo - H:\GiveAwayOfTheDay\History Explorer\HistoryExplorer.Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: StarWind Service Lite (StarWindServiceLite) - Rocket Division Software - C:\Program Files\Rocket Division Software\StarWind Lite\StarWindServiceLite.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 12420 bytes

Ik denk dat m'n computer besmet is met jestertb.dll . AVG duit geen virus aan. Kan iemand me zeggen wat me te doen staat?

Dank bij voorbaat. Mikel

**kweezie wabbit** · 21 april 2009 12:09

Ik zal aan onze specialist vragen om er een oogje op te werpen.

**kape** · 21 april 2009 12:54

Ga naar Start - Uitvoeren en tik in: sc stop StarWindServiceLite
Druk op Enter.
Ga naar Start - Uitvoeren en tik in: sc delete StarWindServiceLite
Druk op Enter.

Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Elf%20Bow...es/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/DDD%20Poo.../armhelper.ocx

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes' Anti-Malware).

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".
Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.
Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder)
De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken.
Daarna zal het vragen om de computeropnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

**Mikel** · 21 april 2009 15:02

Eerst en vooral van harte bedankt voor de vlugge reactie.
Ik heb alles uitgevoerd zoals je beschreven hebt. Ik werk met Windows XP met servisp 3. Ik had nu reeds de indruk dat de computer ietsje sneller opstarte na MBam. In ieder geval nogmaals bedankt aan kxeezie wabbit en zeker ook aan de specialist kape

Hier het bestandje van MBAM en eronder dat van HijackThis

{\rtf1\ansi\ansicpg1252\deff0\deflang2067{\fonttbl{\f0\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\f0\fs20 Malwarebytes' Anti-Malware 1.36\par
Database versie: 1945\par
Windows 5.1.2600 Service Pack 3\par
\par
21/04/2009 15:35:35\par
mbam-log-2009-04-21 (15-35-35).txt\par
\par
Scan type: Snelle Scan\par
Objecten gescand: 87264\par
Verstreken tijd: 7 minute(s), 2 second(s)\par
\par
Geheugenprocessen ge\'efnfecteerd: 0\par
Geheugenmodulen ge\'efnfecteerd: 0\par
Registersleutels ge\'efnfecteerd: 0\par
Registerwaarden ge\'efnfecteerd: 0\par
Registerdata bestanden ge\'efnfecteerd: 0\par
Mappen ge\'efnfecteerd: 0\par
Bestanden ge\'efnfecteerd: 0\par
\par
Geheugenprocessen ge\'efnfecteerd:\par
(Geen kwaadaardige items gevonden)\par
\par
Geheugenmodulen ge\'efnfecteerd:\par
(Geen kwaadaardige items gevonden)\par
\par
Registersleutels ge\'efnfecteerd:\par
(Geen kwaadaardige items gevonden)\par
\par
Registerwaarden ge\'efnfecteerd:\par
(Geen kwaadaardige items gevonden)\par
\par
Registerdata bestanden ge\'efnfecteerd:\par
(Geen kwaadaardige items gevonden)\par
\par
Mappen ge\'efnfecteerd:\par
(Geen kwaadaardige items gevonden)\par
\par
Bestanden ge\'efnfecteerd:\par
(Geen kwaadaardige items gevonden)\par
}

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:23, on 21/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\TweakRAM\TweakRAM.exe
H:\GiveAwayOfTheDay\History Explorer\HistoryExplorer.Service.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Sunbird\sunbird.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Web Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [Wireless LAN Card Utilities] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: sunbird.exe.lnk = C:\Program Files\Mozilla Sunbird\sunbird.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Sign In
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by12fd.bay12.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178228126671
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://www.chat-united.com/controls/msnchat45.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: History Explorer Service - Exendo - H:\GiveAwayOfTheDay\History Explorer\HistoryExplorer.Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11589 bytes

**kape** · 21 april 2009 15:31

Dit ziet er al goed uit, maar we gaan nog even verder kijken :

Download Combofix naar je Bureaublad.

Lees hier meer over correct gebruik van Combofix.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik op Combofix.exe om het te starten.
Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
Volg de instructies, aanvaard de disclaimer door op Ja te klikken.
Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster (enkel voor XP, niet voor VISTA).
Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
Klik na afloop terug op Ja om het scannen op malware te starten.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.

**Mikel** · 21 april 2009 17:47

Na wat moeite in het begin met AVG antivirus is het denk ik toch gelukt

ComboFix 09-04-21.A8 - Eigenaar 21/04/2009 18:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1023.435 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-03-21 to 2009-04-21 ))))))))))))))))))))))))))))))
.

2009-04-19 16:05 . 2009-04-19 16:05 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Malwarebytes
2009-04-19 16:05 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-19 16:05 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 16:05 . 2009-04-21 13:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 16:05 . 2009-04-19 16:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-18 22:08 . 2009-04-18 22:08 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Audio Editor Deluxe
2009-04-18 22:07 . 2006-03-23 10:56 113486 ----a-w c:\windows\system32\NCTWMAProfiles.prx
2009-04-18 22:07 . 2005-05-18 09:52 1212416 ----a-w c:\windows\system32\NCTAudioInformation2.dll
2009-04-18 22:07 . 2005-05-17 10:37 1986560 ----a-w c:\windows\system32\NCTAudioFile2.dll
2009-04-18 22:07 . 2005-04-25 11:01 458752 ----a-w c:\windows\system32\NCTAudioRecord2.dll
2009-04-18 22:07 . 2005-04-25 11:01 458752 ----a-w c:\windows\system32\NCTAudioPlayer2.dll
2009-04-18 22:07 . 2005-04-15 10:08 880640 ----a-w c:\windows\system32\NCTAudioEditor2.dll
2009-04-18 22:07 . 2005-04-04 15:21 602112 ----a-w c:\windows\system32\NCTAudioTransform2.dll
2009-04-18 22:07 . 2005-03-29 05:57 2084864 ----a-w c:\windows\system32\NCTAudioDesign2.dll
2009-04-18 22:07 . 2005-03-28 13:56 417792 ----a-w c:\windows\system32\NCTAudioDisplay2.dll
2009-04-18 22:07 . 2005-03-28 13:54 479232 ----a-w c:\windows\system32\NCTAudioVisualization2.dll
2009-04-18 22:07 . 2005-02-24 09:51 348160 ----a-w c:\windows\system32\NCTWMAFile2.dll
2009-04-18 22:07 . 2004-11-04 11:31 835584 ----a-w c:\windows\system32\NCTAudioCDGrabber2.dll
2009-04-18 20:07 . 2009-04-18 20:07 -------- d-----w c:\program files\Trend Micro
2009-04-18 16:23 . 2009-04-18 16:23 67 ----a-w c:\windows\wininit.ini
2009-04-16 20:47 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 20:47 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 20:47 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 20:47 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 20:47 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 20:47 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 20:47 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 20:47 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 20:47 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 20:46 . 2009-03-27 06:59 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 20:46 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 21:09 . 2009-02-23 15:15 85281 ------w c:\windows\hpgins01.dat.temp
2009-04-14 21:09 . 2004-05-13 20:33 145 ------w c:\windows\hpgmdl01.dat.temp
2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmpFF48D.FOT
2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmpD558D.FOT
2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmpBA58D.FOT
2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmpAD58D.FOT
2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmp9F58D.FOT
2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmp5148D.FOT
2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmp4D68D.FOT
2009-04-12 12:37 . 2009-04-12 12:37 -------- d-----w c:\documents and settings\All Users\Application Data\TERMINAL Studio
2009-04-08 17:00 . 2008-12-13 12:47 40496 ----a-w c:\windows\system32\drivers\hotcore3.sys
2009-04-08 16:57 . 2009-04-08 16:57 -------- d-----w c:\program files\Paragon Software
2009-04-07 22:08 . 2009-04-07 22:08 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Talkback
2009-04-05 16:45 . 2009-04-05 16:45 -------- d-----w c:\documents and settings\Eigenaar\Application Data\TERMINAL Studio
2009-04-05 16:43 . 2007-11-06 15:46 106496 ----a-w c:\windows\system32\Astro Gemini Screensaver Manager.scr
2009-04-05 16:43 . 2009-04-05 16:43 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Astro Gemini Software
2009-04-05 16:43 . 2009-04-05 16:43 -------- d-----w c:\program files\Astro Gemini Software
2009-04-05 16:43 . 2008-08-21 10:30 12636160 ----a-w c:\windows\system32\Dinosaurs 3D Screensaver.scr
2009-04-04 12:48 . 2009-04-04 12:56 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Jetbricks
2009-04-01 14:58 . 2009-04-01 14:58 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\FileMaker
2009-03-31 16:40 . 2009-03-31 16:40 -------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
2009-03-28 11:20 . 2009-03-28 11:20 -------- d-----w c:\documents and settings\All Users\Application Data\Gameeel
2009-03-23 15:15 . 2009-03-23 15:15 23 ----a-w c:\windows\SWFDecompiler.INI
2009-03-23 15:13 . 2009-03-27 22:53 -------- d-----w c:\program files\Common Files\SourceTec

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 16:19 . 2005-04-29 17:48 -------- d-----w c:\program files\Mozilla Sunbird
2009-04-21 16:10 . 2008-07-28 10:30 -------- d-----w c:\program files\SPAMfighter
2009-04-21 16:08 . 2009-01-23 19:48 130477 ----a-w C:\aaw7boot.log
2009-04-21 15:18 . 2007-05-29 10:52 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-19 13:44 . 2009-03-16 11:58 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 22:31 . 2008-04-13 21:59 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-17 06:28 . 2004-08-04 12:00 580636 ----a-w c:\windows\system32\perfh013.dat
2009-04-17 06:28 . 2004-08-04 12:00 117582 ----a-w c:\windows\system32\perfc013.dat
2009-04-10 18:43 . 2008-05-26 17:40 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-05 20:36 . 2009-03-15 11:34 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Gold Casual Games
2009-04-05 20:36 . 2009-03-15 11:34 -------- d-----w c:\documents and settings\All Users\Application Data\Gold Casual Games
2009-04-01 16:48 . 2009-01-28 20:36 -------- d-----w c:\program files\DivX
2009-04-01 16:48 . 2009-01-03 13:56 -------- d-----w c:\program files\TweakRAM
2009-04-01 16:48 . 2008-11-25 21:56 -------- d-----w c:\program files\QuickTime
2009-04-01 16:48 . 2008-06-17 12:32 -------- d-----w c:\program files\FotoXpert
2009-04-01 16:48 . 2008-03-03 18:22 -------- d-----w c:\program files\Windows Live Toolbar
2009-04-01 16:48 . 2008-10-05 09:38 -------- d-----w c:\documents and settings\Eigenaar\Application Data\SpinTop
2009-03-31 14:00 . 2008-12-28 17:31 -------- d-----w c:\program files\WinUtilities
2009-03-31 13:15 . 2009-03-20 20:36 -------- d-----w c:\program files\Flexbyte Software
2009-03-31 09:55 . 2009-03-14 15:49 -------- d-----w c:\program files\JLC's Software
2009-03-28 07:12 . 2008-11-25 21:58 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Apple Computer
2009-03-24 14:16 . 2009-03-20 20:37 -------- d-----w c:\documents and settings\Eigenaar\Application Data\NetStat Agent
2009-03-24 14:15 . 2008-11-25 21:57 -------- d-----w c:\program files\Bonjour
2009-03-24 08:23 . 2005-04-02 07:13 -------- d-----w c:\program files\Google
2009-03-24 07:45 . 2009-01-15 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\History Explorer
2009-03-20 14:28 . 2005-03-29 13:23 282440 ----a-w c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-20 14:15 . 2009-03-20 14:15 -------- d-----w c:\program files\JRE
2009-03-20 14:15 . 2009-03-20 14:15 -------- d-----w c:\program files\OpenOffice.org 3
2009-03-19 09:06 . 2005-03-31 11:06 -------- d-----w c:\program files\Topcom
2009-03-18 23:48 . 2009-03-18 23:48 -------- d-----w c:\program files\Common Files\Bcgsoft
2009-03-18 00:17 . 2007-04-22 06:06 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-17 22:41 . 2009-03-17 22:41 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Windows Search
2009-03-17 22:41 . 2009-03-17 22:41 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Windows Desktop Search
2009-03-17 22:40 . 2009-03-17 22:40 -------- d-----w c:\program files\Windows Desktop Search
2009-03-17 22:20 . 2009-03-17 22:20 -------- d-----w c:\program files\Microsoft Works
2009-03-17 22:19 . 2007-02-05 10:01 -------- d-----w c:\program files\Microsoft.NET
2009-03-17 21:53 . 2009-02-05 16:56 -------- d-----w c:\program files\MSBuild
2009-03-17 16:26 . 2008-12-26 14:00 -------- d-----w c:\program files\Premium Booster
2009-03-16 11:27 . 2007-04-22 06:13 -------- d-----w c:\program files\Microsoft Small Business
2009-03-14 15:49 . 2009-03-14 15:49 -------- d-----w c:\documents and settings\Eigenaar\Application Data\JLC's Software
2009-03-14 08:31 . 2009-03-14 08:31 -------- d-----w c:\program files\SystemRequirementsLab
2009-03-14 08:31 . 2009-03-14 08:31 -------- d-----w c:\documents and settings\Eigenaar\Application Data\SystemRequirementsLab
2009-03-12 16:46 . 2008-04-14 10:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-11 16:28 . 2005-03-29 13:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 16:22 . 2005-04-06 12:19 -------- d-----w c:\program files\Pinnacle
2009-03-11 16:07 . 2009-03-08 17:16 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Vso
2009-03-09 16:12 . 2009-03-09 10:37 -------- d-----w c:\documents and settings\Eigenaar\Application Data\AVGTOOLBAR
2009-03-09 10:38 . 2008-05-26 17:40 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-09 10:37 . 2008-05-26 17:40 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-09 10:37 . 2008-05-26 17:39 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-08 17:16 . 2009-03-08 17:16 81920 ----a-w c:\documents and settings\Eigenaar\Application Data\ezpinst.exe
2009-03-08 17:16 . 2009-03-08 17:16 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-08 17:16 . 2009-03-08 17:16 47360 ----a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys
2009-03-07 23:20 . 2009-03-07 23:20 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Gamelab
2009-03-06 17:27 . 2009-01-23 17:48 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-06 17:27 . 2009-01-23 17:27 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-06 14:23 . 2004-08-04 12:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-04 17:35 . 2008-11-25 20:51 -------- d-----w c:\program files\MultiStage Recovery
2009-03-03 00:16 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 22:44 . 2009-03-02 22:44 -------- d-----w c:\program files\Quicksys
2009-03-01 10:05 . 2009-03-01 10:01 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Archibald's Adventures
2009-03-01 07:19 . 2008-11-19 00:01 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-27 22:37 . 2009-02-27 22:37 -------- d-----w c:\documents and settings\All Users\Application Data\Quicksys
2009-02-27 21:21 . 2009-02-27 21:21 -------- d-----w c:\documents and settings\Eigenaar\Application Data\OpenOffice.org
2009-02-27 21:17 . 2009-02-26 12:11 -------- d-----w c:\program files\OpenOffice.org 2.4
2009-02-27 21:04 . 2008-08-07 19:39 -------- d-----w c:\documents and settings\Eigenaar\Application Data\OpenOffice.org2
2009-02-27 20:24 . 2009-02-27 17:29 -------- d-----w c:\documents and settings\Eigenaar\Application Data\RegTool
2009-02-26 12:03 . 2009-02-26 12:03 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-26 12:03 . 2006-10-29 03:14 -------- d-----w c:\program files\Java
2009-02-23 15:15 . 2005-04-04 12:27 85281 ------w c:\windows\hpgins01.dat
2009-02-23 15:14 . 2009-02-23 15:14 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-02-23 15:14 . 2005-04-04 12:28 -------- d-----w c:\program files\HP
2009-02-23 15:06 . 2005-03-31 20:50 -------- d-----w c:\program files\Hewlett-Packard
2009-02-23 14:25 . 2005-04-04 12:32 -------- d-----w c:\program files\Readiris Pro 9
2009-02-21 14:14 . 2009-02-21 14:14 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Sytexis Software
2009-02-20 17:18 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:08 . 2004-08-04 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2004-08-04 00:58 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:27 . 2004-08-04 12:00 2149888 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2004-08-04 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-04 12:00 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-04 12:00 684544 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-04 12:00 735744 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-05 16:57 . 2009-02-05 16:57 432008 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-05-04 20:29 . 2008-05-04 20:29 9 ----a-w c:\documents and settings\Eigenaar\Application Data\mdb.bin
2008-04-03 18:09 . 2008-03-14 08:21 105272 ----a-w c:\documents and settings\Gast\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-11-03 16:51 . 2007-10-29 21:54 1452 ----a-w c:\documents and settings\Eigenaar\Emails.dat
2007-10-29 21:54 . 2007-10-29 21:54 10 ----a-w c:\documents and settings\Eigenaar\user.dat
2007-02-01 18:28 . 2005-04-23 16:08 56824 ----a-w c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
2005-03-31 18:05 . 2005-03-31 18:05 131 ----a-w c:\documents and settings\Eigenaar\Local Settings\Application Data\fusioncache.dat
2008-08-30 08:56 . 2008-08-30 08:56 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008083020080831\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-21_15.28.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-21 16:10 . 2009-04-21 16:10 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_c48.dat
+ 2009-04-21 16:09 . 2009-04-21 16:09 16384 c:\windows\Temp\Perflib_Perfdata_8cc.dat
+ 2009-04-21 16:09 . 2009-04-21 16:09 16384 c:\windows\Temp\Perflib_Perfdata_620.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TweakRAM"="c:\program files\TweakRAM\TweakRAM.exe" [2008-12-20 1189888]
"Wireless LAN Card Utilities"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-09-18 1696768]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-18 333120]
"QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" [2008-11-04 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172032]

c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
sunbird.exe.lnk - c:\program files\Mozilla Sunbird\sunbird.exe [2005-4-29 6354540]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-09 10:37 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Adobe Media Player.lnk]
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"snpstd3"=c:\windows\vsnpstd3.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 ctredrv.sys;ctredrv.sys; [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\DRIVERS\STK017W2.sys [2003-11-17 99476]
R3 hitmanpro2;Hitman Pro 2 Driver;c:\program files\Hitman Pro\hitmanpro2.sys [2006-11-03 10336]
R3 USRPCI;USRobotics Wireless PCI Adapter Service; [x]
R3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.SYS [2004-04-21 16384]
S0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys [2008-12-13 40496]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2004-06-01 24971]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-06 64160]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-09 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]
S1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;c:\windows\system32\drivers\DCxxMJPG.sys [2002-06-04 132940]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2008-12-26 95592]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-09 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-09 298264]
S2 History Explorer Service;History Explorer Service;h:\giveawayoftheday\History Explorer\HistoryExplorer.Service.exe [2009-01-06 51200]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-14 184968]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]

.
Inhoud van de 'Gedeelde Taken' map

2009-04-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:27]

2009-04-21 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-04-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-19 16:02]

2009-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-29 13:38]

2009-04-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2009-03-15 c:\windows\Tasks\Wise Disk Cleaner 4.job
- h:\giveawayoftheday\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-03-15 19:12]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hln.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.be/ig?sourceid=navclient&hl=nl&ie=UTF-8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - Sign In
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\lob8pztu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.rocketdivision.com/search/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=nl-be&FORM=MICJE3&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 18:26
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-343818398-842925246-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Componen ts\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1992)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Voltooingstijd: 2009-04-21 18:28
ComboFix-quarantined-files.txt 2009-04-21 16:28
ComboFix2.txt 2009-04-21 15:30

Pre-Run: 10.769.453.056 bytes beschikbaar
Post-Run: 10.756.988.928 bytes beschikbaar

331 --- E O F --- 2009-04-16 23:36

Groetjes, Mikel

**kape** · 21 april 2009 21:19

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::
c:\windows\system32\tmpFF48D.FOT
c:\windows\system32\tmpD558D.FOT
c:\windows\system32\tmpBA58D.FOT
c:\windows\system32\tmpAD58D.FOT
c:\windows\system32\tmp9F58D.FOT
c:\windows\system32\tmp5148D.FOT
c:\windows\system32\tmp4D68D.FOT

Folder::
c:\program files\Hitman Pro

Driver::
ctredrv.sys
hitmanpro2.sys

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe
Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht en laat even weten of dit enige invloed heeft gehad ?

**Mikel** · 22 april 2009 10:17

Ik kan je melden dat m'n PC merkelijk vlugger opstart (in ongev. 2.30 min. en ook vlugger alslaat bij het stoppen).

Hier de log van Combofix

ComboFix 09-04-22.A0 - Eigenaar 22/04/2009 10:45.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1023.309 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt

FILE ::
c:\windows\system32\tmp4D68D.FOT
c:\windows\system32\tmp5148D.FOT
c:\windows\system32\tmp9F58D.FOT
c:\windows\system32\tmpAD58D.FOT
c:\windows\system32\tmpBA58D.FOT
c:\windows\system32\tmpD558D.FOT
c:\windows\system32\tmpFF48D.FOT
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Hitman Pro
c:\program files\Hitman Pro\blank.ini
c:\program files\Hitman Pro\Controls.ini
c:\program files\Hitman Pro\epcompilersigs.dat
c:\program files\Hitman Pro\eppackersigs.dat
c:\program files\Hitman Pro\hitmanpro2.sys
c:\program files\Hitman Pro\Language.ini
c:\program files\Hitman Pro\logs\buynow.gif
c:\program files\Hitman Pro\logs\Hitman_Pro_2005-05-29_16-58-26.htm
c:\program files\Hitman Pro\logs\Hitman_Pro_2005-05-29_17-00-40.htm
c:\program files\Hitman Pro\logs\Hitman_Pro_2008-04-14_00-31-27.htm
c:\program files\Hitman Pro\logs\Hitman_Pro_2008-04-14_00-36-19.htm
c:\program files\Hitman Pro\logs\Hitman_Pro_2008-04-14_09-57-40.htm
c:\program files\Hitman Pro\logs\hitmanpro.jpg
c:\program files\Hitman Pro\MRCAgent.exe
c:\program files\Hitman Pro\roamingsigs
c:\program files\Hitman Pro\sigcheck.exe
c:\program files\Hitman Pro\StriderCache.ini
c:\windows\system32\tmp4D68D.FOT
c:\windows\system32\tmp5148D.FOT
c:\windows\system32\tmp9F58D.FOT
c:\windows\system32\tmpAD58D.FOT
c:\windows\system32\tmpBA58D.FOT
c:\windows\system32\tmpD558D.FOT
c:\windows\system32\tmpFF48D.FOT

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CTREDRV.SYS
-------\Service_ctredrv.sys

(((((((((((((((((((( Bestanden Gemaakt van 2009-03-22 to 2009-04-22 ))))))))))))))))))))))))))))))
.

2009-04-19 16:05 . 2009-04-19 16:05 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Malwarebytes
2009-04-19 16:05 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-19 16:05 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 16:05 . 2009-04-21 13:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 16:05 . 2009-04-19 16:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-18 22:08 . 2009-04-18 22:08 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Audio Editor Deluxe
2009-04-18 22:07 . 2006-03-23 10:56 113486 ----a-w c:\windows\system32\NCTWMAProfiles.prx
2009-04-18 22:07 . 2005-05-18 09:52 1212416 ----a-w c:\windows\system32\NCTAudioInformation2.dll
2009-04-18 22:07 . 2005-05-17 10:37 1986560 ----a-w c:\windows\system32\NCTAudioFile2.dll
2009-04-18 22:07 . 2005-04-25 11:01 458752 ----a-w c:\windows\system32\NCTAudioRecord2.dll
2009-04-18 22:07 . 2005-04-25 11:01 458752 ----a-w c:\windows\system32\NCTAudioPlayer2.dll
2009-04-18 22:07 . 2005-04-15 10:08 880640 ----a-w c:\windows\system32\NCTAudioEditor2.dll
2009-04-18 22:07 . 2005-04-04 15:21 602112 ----a-w c:\windows\system32\NCTAudioTransform2.dll
2009-04-18 22:07 . 2005-03-29 05:57 2084864 ----a-w c:\windows\system32\NCTAudioDesign2.dll
2009-04-18 22:07 . 2005-03-28 13:56 417792 ----a-w c:\windows\system32\NCTAudioDisplay2.dll
2009-04-18 22:07 . 2005-03-28 13:54 479232 ----a-w c:\windows\system32\NCTAudioVisualization2.dll
2009-04-18 22:07 . 2005-02-24 09:51 348160 ----a-w c:\windows\system32\NCTWMAFile2.dll
2009-04-18 22:07 . 2004-11-04 11:31 835584 ----a-w c:\windows\system32\NCTAudioCDGrabber2.dll
2009-04-18 20:07 . 2009-04-18 20:07 -------- d-----w c:\program files\Trend Micro
2009-04-18 16:23 . 2009-04-18 16:23 67 ----a-w c:\windows\wininit.ini
2009-04-16 20:47 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 20:47 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 20:47 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 20:47 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 20:47 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 20:47 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 20:47 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 20:47 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 20:47 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 20:46 . 2009-03-27 06:59 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 20:46 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 21:09 . 2009-02-23 15:15 85281 ------w c:\windows\hpgins01.dat.temp
2009-04-14 21:09 . 2004-05-13 20:33 145 ------w c:\windows\hpgmdl01.dat.temp
2009-04-12 12:37 . 2009-04-12 12:37 -------- d-----w c:\documents and settings\All Users\Application Data\TERMINAL Studio
2009-04-08 17:00 . 2008-12-13 12:47 40496 ----a-w c:\windows\system32\drivers\hotcore3.sys
2009-04-08 16:57 . 2009-04-08 16:57 -------- d-----w c:\program files\Paragon Software
2009-04-07 22:08 . 2009-04-07 22:08 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Talkback
2009-04-05 16:45 . 2009-04-05 16:45 -------- d-----w c:\documents and settings\Eigenaar\Application Data\TERMINAL Studio
2009-04-05 16:43 . 2007-11-06 15:46 106496 ----a-w c:\windows\system32\Astro Gemini Screensaver Manager.scr
2009-04-05 16:43 . 2009-04-05 16:43 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Astro Gemini Software
2009-04-05 16:43 . 2009-04-05 16:43 -------- d-----w c:\program files\Astro Gemini Software
2009-04-05 16:43 . 2008-08-21 10:30 12636160 ----a-w c:\windows\system32\Dinosaurs 3D Screensaver.scr
2009-04-04 12:48 . 2009-04-04 12:56 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Jetbricks
2009-04-01 14:58 . 2009-04-01 14:58 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\FileMaker
2009-03-31 16:40 . 2009-03-31 16:40 -------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
2009-03-28 11:20 . 2009-03-28 11:20 -------- d-----w c:\documents and settings\All Users\Application Data\Gameeel
2009-03-23 15:15 . 2009-03-23 15:15 23 ----a-w c:\windows\SWFDecompiler.INI
2009-03-23 15:13 . 2009-03-27 22:53 -------- d-----w c:\program files\Common Files\SourceTec

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 08:54 . 2008-07-28 10:30 -------- d-----w c:\program files\SPAMfighter
2009-04-22 08:53 . 2005-04-29 17:48 -------- d-----w c:\program files\Mozilla Sunbird
2009-04-22 08:52 . 2009-01-23 19:48 132269 ----a-w C:\aaw7boot.log
2009-04-21 16:53 . 2009-04-21 16:53 26476 ----a-w C:\log21-04-09.txt
2009-04-21 16:36 . 2009-04-21 16:36 26476 ----a-w C:\log.txt
2009-04-21 15:18 . 2007-05-29 10:52 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-19 13:44 . 2009-03-16 11:58 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 22:31 . 2008-04-13 21:59 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-17 06:28 . 2004-08-04 12:00 580636 ----a-w c:\windows\system32\perfh013.dat
2009-04-17 06:28 . 2004-08-04 12:00 117582 ----a-w c:\windows\system32\perfc013.dat
2009-04-10 18:43 . 2008-05-26 17:40 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-05 20:36 . 2009-03-15 11:34 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Gold Casual Games
2009-04-05 20:36 . 2009-03-15 11:34 -------- d-----w c:\documents and settings\All Users\Application Data\Gold Casual Games
2009-04-01 16:48 . 2009-01-28 20:36 -------- d-----w c:\program files\DivX
2009-04-01 16:48 . 2009-01-03 13:56 -------- d-----w c:\program files\TweakRAM
2009-04-01 16:48 . 2008-11-25 21:56 -------- d-----w c:\program files\QuickTime
2009-04-01 16:48 . 2008-06-17 12:32 -------- d-----w c:\program files\FotoXpert
2009-04-01 16:48 . 2008-03-03 18:22 -------- d-----w c:\program files\Windows Live Toolbar
2009-04-01 16:48 . 2008-10-05 09:38 -------- d-----w c:\documents and settings\Eigenaar\Application Data\SpinTop
2009-03-31 14:00 . 2008-12-28 17:31 -------- d-----w c:\program files\WinUtilities
2009-03-31 13:15 . 2009-03-20 20:36 -------- d-----w c:\program files\Flexbyte Software
2009-03-31 09:55 . 2009-03-14 15:49 -------- d-----w c:\program files\JLC's Software
2009-03-28 07:12 . 2008-11-25 21:58 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Apple Computer
2009-03-24 14:16 . 2009-03-20 20:37 -------- d-----w c:\documents and settings\Eigenaar\Application Data\NetStat Agent
2009-03-24 14:15 . 2008-11-25 21:57 -------- d-----w c:\program files\Bonjour
2009-03-24 08:23 . 2005-04-02 07:13 -------- d-----w c:\program files\Google
2009-03-24 07:45 . 2009-01-15 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\History Explorer
2009-03-20 14:28 . 2005-03-29 13:23 282440 ----a-w c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-20 14:15 . 2009-03-20 14:15 -------- d-----w c:\program files\JRE
2009-03-20 14:15 . 2009-03-20 14:15 -------- d-----w c:\program files\OpenOffice.org 3
2009-03-19 09:06 . 2005-03-31 11:06 -------- d-----w c:\program files\Topcom
2009-03-18 23:48 . 2009-03-18 23:48 -------- d-----w c:\program files\Common Files\Bcgsoft
2009-03-18 00:17 . 2007-04-22 06:06 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-17 22:41 . 2009-03-17 22:41 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Windows Search
2009-03-17 22:41 . 2009-03-17 22:41 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Windows Desktop Search
2009-03-17 22:40 . 2009-03-17 22:40 -------- d-----w c:\program files\Windows Desktop Search
2009-03-17 22:20 . 2009-03-17 22:20 -------- d-----w c:\program files\Microsoft Works
2009-03-17 22:19 . 2007-02-05 10:01 -------- d-----w c:\program files\Microsoft.NET
2009-03-17 21:53 . 2009-02-05 16:56 -------- d-----w c:\program files\MSBuild
2009-03-17 16:26 . 2008-12-26 14:00 -------- d-----w c:\program files\Premium Booster
2009-03-16 11:27 . 2007-04-22 06:13 -------- d-----w c:\program files\Microsoft Small Business
2009-03-14 15:49 . 2009-03-14 15:49 -------- d-----w c:\documents and settings\Eigenaar\Application Data\JLC's Software
2009-03-14 08:31 . 2009-03-14 08:31 -------- d-----w c:\program files\SystemRequirementsLab
2009-03-14 08:31 . 2009-03-14 08:31 -------- d-----w c:\documents and settings\Eigenaar\Application Data\SystemRequirementsLab
2009-03-12 16:46 . 2008-04-14 10:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-11 16:28 . 2005-03-29 13:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 16:22 . 2005-04-06 12:19 -------- d-----w c:\program files\Pinnacle
2009-03-11 16:07 . 2009-03-08 17:16 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Vso
2009-03-09 16:12 . 2009-03-09 10:37 -------- d-----w c:\documents and settings\Eigenaar\Application Data\AVGTOOLBAR
2009-03-09 10:38 . 2008-05-26 17:40 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-09 10:37 . 2008-05-26 17:40 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-09 10:37 . 2008-05-26 17:39 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-08 17:16 . 2009-03-08 17:16 81920 ----a-w c:\documents and settings\Eigenaar\Application Data\ezpinst.exe
2009-03-08 17:16 . 2009-03-08 17:16 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-08 17:16 . 2009-03-08 17:16 47360 ----a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys
2009-03-07 23:20 . 2009-03-07 23:20 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Gamelab
2009-03-06 17:27 . 2009-01-23 17:48 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-06 17:27 . 2009-01-23 17:27 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-06 14:23 . 2004-08-04 12:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-04 17:35 . 2008-11-25 20:51 -------- d-----w c:\program files\MultiStage Recovery
2009-03-03 00:16 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 22:44 . 2009-03-02 22:44 -------- d-----w c:\program files\Quicksys
2009-03-01 10:05 . 2009-03-01 10:01 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Archibald's Adventures
2009-03-01 07:19 . 2008-11-19 00:01 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-27 22:37 . 2009-02-27 22:37 -------- d-----w c:\documents and settings\All Users\Application Data\Quicksys
2009-02-27 21:21 . 2009-02-27 21:21 -------- d-----w c:\documents and settings\Eigenaar\Application Data\OpenOffice.org
2009-02-27 21:17 . 2009-02-26 12:11 -------- d-----w c:\program files\OpenOffice.org 2.4
2009-02-27 21:04 . 2008-08-07 19:39 -------- d-----w c:\documents and settings\Eigenaar\Application Data\OpenOffice.org2
2009-02-27 20:24 . 2009-02-27 17:29 -------- d-----w c:\documents and settings\Eigenaar\Application Data\RegTool
2009-02-26 12:03 . 2009-02-26 12:03 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-26 12:03 . 2006-10-29 03:14 -------- d-----w c:\program files\Java
2009-02-23 15:15 . 2005-04-04 12:27 85281 ------w c:\windows\hpgins01.dat
2009-02-23 15:14 . 2009-02-23 15:14 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-02-23 15:14 . 2005-04-04 12:28 -------- d-----w c:\program files\HP
2009-02-23 15:06 . 2005-03-31 20:50 -------- d-----w c:\program files\Hewlett-Packard
2009-02-23 14:25 . 2005-04-04 12:32 -------- d-----w c:\program files\Readiris Pro 9
2009-02-21 14:14 . 2009-02-21 14:14 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Sytexis Software
2009-02-20 17:18 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:08 . 2004-08-04 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2004-08-04 00:58 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:27 . 2004-08-04 12:00 2149888 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2004-08-04 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-04 12:00 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-04 12:00 684544 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-04 12:00 735744 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-05 16:57 . 2009-02-05 16:57 432008 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-05-04 20:29 . 2008-05-04 20:29 9 ----a-w c:\documents and settings\Eigenaar\Application Data\mdb.bin
2008-04-03 18:09 . 2008-03-14 08:21 105272 ----a-w c:\documents and settings\Gast\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-11-03 16:51 . 2007-10-29 21:54 1452 ----a-w c:\documents and settings\Eigenaar\Emails.dat
2007-10-29 21:54 . 2007-10-29 21:54 10 ----a-w c:\documents and settings\Eigenaar\user.dat
2007-02-01 18:28 . 2005-04-23 16:08 56824 ----a-w c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
2005-03-31 18:05 . 2005-03-31 18:05 131 ----a-w c:\documents and settings\Eigenaar\Local Settings\Application Data\fusioncache.dat
2008-08-30 08:56 . 2008-08-30 08:56 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008083020080831\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-21_15.28.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-22 08:53 . 2009-04-22 08:53 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_bf4.dat
+ 2009-04-22 08:29 . 2009-04-22 08:29 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TweakRAM"="c:\program files\TweakRAM\TweakRAM.exe" [2008-12-20 1189888]
"Wireless LAN Card Utilities"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-09-18 1696768]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-18 333120]
"QuickTime Task"="c:\program files\QUICKTIME\QTTask.exe" [2008-11-04 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-09 1932568]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-03 1385472]

c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
sunbird.exe.lnk - c:\program files\Mozilla Sunbird\sunbird.exe [2005-4-29 6354540]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-09 10:37 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Adobe Media Player.lnk]
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"snpstd3"=c:\windows\vsnpstd3.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\DRIVERS\STK017W2.sys [2003-11-17 99476]
R3 hitmanpro2;Hitman Pro 2 Driver; [x]
R3 USRPCI;USRobotics Wireless PCI Adapter Service; [x]
R3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.SYS [2004-04-21 16384]
S0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys [2008-12-13 40496]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2004-06-01 24971]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-06 64160]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-09 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]
S1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;c:\windows\system32\drivers\DCxxMJPG.sys [2002-06-04 132940]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2008-12-26 95592]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-09 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-09 298264]
S2 History Explorer Service;History Explorer Service;h:\giveawayoftheday\History Explorer\HistoryExplorer.Service.exe [2009-01-06 51200]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-14 184968]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]

.
Inhoud van de 'Gedeelde Taken' map

2009-04-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:27]

2009-04-22 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-04-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-19 16:02]

2009-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-29 13:38]

2009-04-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2009-03-15 c:\windows\Tasks\Wise Disk Cleaner 4.job
- h:\giveawayoftheday\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-03-15 19:12]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hln.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.be/ig?sourceid=navclient&hl=nl&ie=UTF-8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - Sign In
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\lob8pztu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.rocketdivision.com/search/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=nl-be&FORM=MICJE3&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 10:54
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-343818398-842925246-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Componen ts\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3600)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\gearsec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Voltooingstijd: 2009-04-22 11:03 - machine werd herstart
ComboFix-quarantined-files.txt 2009-04-22 09:03
ComboFix2.txt 2009-04-21 16:28
ComboFix3.txt 2009-04-21 15:30

Pre-Run: 10.671.685.632 bytes beschikbaar
Post-Run: 10.549.395.456 bytes beschikbaar

391 --- E O F --- 2009-04-22 08:02

Nogmaals veel dank, Mikel

**kape** · 22 april 2009 11:30

Oorspronkelijk geplaatst door Mikel

Ik kan je melden dat m'n PC merkelijk vlugger opstart (in ongev. 2.30 min. en ook vlugger alslaat bij het stoppen)

Dat is prima nieuws ... en je logjes zien er nu ook goed uit

Dit mag je doen om de resten van de besmetting op te ruimen :

Verwijder Combofix: Start -> Uitvoeren en typ: combofix /u
Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Download CCleaner.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Opschonen'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

That's it !

**Mikel** · 22 april 2009 18:12

Ik heb alles uitgevoerd zoals je me aangeprezen hebt en ik kan je meedelen dat m'n computer nu weer goed werkt.

Ik wil je nogmaals van harte bedanken voor de snelle reactie op mijn vraag en vooral op de goede werking en opvolging van het gebeuren. Ik denk wel dat ik deze zaak als opgelost kan beschouwen tenzij je nog enkele uit te voeren bewerkingen voor mij in petto hebt.

Nog een Dikke proficiat aan het bestaan en vooral aan alle medewerkers van deze Site.

Mikel

Discussie: [OPGELOST] Computer start traag op en afsluiten is ook traag

LinkBack

Discussietools

[OPGELOST] Computer start traag op en afsluiten is ook traag

De volgende gebruikers bedanken kweezie wabbit voor deze nuttige post:

De volgende gebruikers bedanken kape voor deze nuttige post:

De volgende gebruikers bedanken kape voor deze nuttige post:

De volgende gebruikers bedanken kape voor deze nuttige post:

De volgende gebruikers bedanken kape voor deze nuttige post:

Soortgelijke discussies

traag afsluiten

traag opstarten computer

laptop start traag op en werkt traag

[OPGELOST] Traag opstarten en traag programmas openen

computer is zeer traag

Labels voor deze discussie

Favorieten/bladwijzers

Favorieten/bladwijzers

Regels voor berichten