[OPGELOST] Computer start traag op en afsluiten is ook traag

M'n computer start sinds enige tijd traag op en ik heb er reeds verschillende registercanners en diskcleaners op losgelaten maar er is geen noemenswaardige verbetering. Nu heb ik HijackThis geinstaleert en een scan genomen.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:18:36, on 20/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\TweakRAM\TweakRAM.exe

H:\GiveAwayOfTheDay\History Explorer\HistoryExplorer.Service.exe

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Mozilla Sunbird\sunbird.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Rocket Division Software\StarWind Lite\StarWindServiceLite.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Web Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe

O4 - HKCU\..\Run: [Wireless LAN Card Utilities] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: sunbird.exe.lnk = C:\Program Files\Mozilla Sunbird\sunbird.exe

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - Sign In

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/stg_drm.ocx

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178228126671

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/DDD%20Pool/Images/armhelper.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://www.chat-united.com/controls/msnchat45.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: History Explorer Service - Exendo - H:\GiveAwayOfTheDay\History Explorer\HistoryExplorer.Service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: StarWind Service Lite (StarWindServiceLite) - Rocket Division Software - C:\Program Files\Rocket Division Software\StarWind Lite\StarWindServiceLite.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 12420 bytes

Ik denk dat m'n computer besmet is met jestertb.dll . AVG duit geen virus aan. Kan iemand me zeggen wat me te doen staat?

Dank bij voorbaat. Mikel

Ik zal aan onze specialist vragen om er een oogje op te werpen.

Ga naar Start - Uitvoeren en tik in: sc stop StarWindServiceLite

Druk op Enter.

Ga naar Start - Uitvoeren en tik in: sc delete StarWindServiceLite

Druk op Enter.

Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/stg_drm.ocx

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/DDD%20Pool/Images/armhelper.ocx

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes' Anti-Malware).

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder)

De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken.

Daarna zal het vragen om de computeropnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Eerst en vooral van harte bedankt voor de vlugge reactie.

Ik heb alles uitgevoerd zoals je beschreven hebt. Ik werk met Windows XP met servisp 3. Ik had nu reeds de indruk dat de computer ietsje sneller opstarte na MBam. In ieder geval nogmaals bedankt aan kxeezie wabbit en zeker ook aan de specialist kape

Hier het bestandje van MBAM en eronder dat van HijackThis

{\rtf1\ansi\ansicpg1252\deff0\deflang2067{\fonttbl{\f0\fswiss\fcharset0 Arial;}}

{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\f0\fs20 Malwarebytes' Anti-Malware 1.36\par

Database versie: 1945\par

Windows 5.1.2600 Service Pack 3\par

\par

21/04/2009 15:35:35\par

mbam-log-2009-04-21 (15-35-35).txt\par

\par

Scan type: Snelle Scan\par

Objecten gescand: 87264\par

Verstreken tijd: 7 minute(s), 2 second(s)\par

\par

Geheugenprocessen ge\'efnfecteerd: 0\par

Geheugenmodulen ge\'efnfecteerd: 0\par

Registersleutels ge\'efnfecteerd: 0\par

Registerwaarden ge\'efnfecteerd: 0\par

Registerdata bestanden ge\'efnfecteerd: 0\par

Mappen ge\'efnfecteerd: 0\par

Bestanden ge\'efnfecteerd: 0\par

\par

Geheugenprocessen ge\'efnfecteerd:\par

(Geen kwaadaardige items gevonden)\par

\par

Geheugenmodulen ge\'efnfecteerd:\par

(Geen kwaadaardige items gevonden)\par

\par

Registersleutels ge\'efnfecteerd:\par

(Geen kwaadaardige items gevonden)\par

\par

Registerwaarden ge\'efnfecteerd:\par

(Geen kwaadaardige items gevonden)\par

\par

Registerdata bestanden ge\'efnfecteerd:\par

(Geen kwaadaardige items gevonden)\par

\par

Mappen ge\'efnfecteerd:\par

(Geen kwaadaardige items gevonden)\par

\par

Bestanden ge\'efnfecteerd:\par

(Geen kwaadaardige items gevonden)\par

}

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:42:23, on 21/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\TweakRAM\TweakRAM.exe

H:\GiveAwayOfTheDay\History Explorer\HistoryExplorer.Service.exe

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Mozilla Sunbird\sunbird.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Web Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Search

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe

O4 - HKCU\..\Run: [Wireless LAN Card Utilities] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: sunbird.exe.lnk = C:\Program Files\Mozilla Sunbird\sunbird.exe

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - Sign In

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Elf%20Bowling%20Holiday%20Pack/Images/stg_drm.ocx

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178228126671

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://www.chat-united.com/controls/msnchat45.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: History Explorer Service - Exendo - H:\GiveAwayOfTheDay\History Explorer\HistoryExplorer.Service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 11589 bytes

Dit ziet er al goed uit, maar we gaan nog even verder kijken :

Download Combofix naar je Bureaublad.

Lees hier meer over correct gebruik van Combofix.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

• 
  Dubbelklik op Combofix.exe om het te starten.
  Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
  Volg de instructies, aanvaard de disclaimer door op Ja te klikken.
  Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster (enkel voor XP, niet voor VISTA).
  Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
  Klik na afloop terug op Ja om het scannen op malware te starten.
  Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
  

Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.

Na wat moeite in het begin met AVG antivirus is het denk ik toch gelukt

ComboFix 09-04-21.A8 - Eigenaar 21/04/2009 18:22.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1023.435 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-03-21 to 2009-04-21 ))))))))))))))))))))))))))))))

.

2009-04-19 16:05 . 2009-04-19 16:05 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Malwarebytes

2009-04-19 16:05 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-19 16:05 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-19 16:05 . 2009-04-21 13:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-19 16:05 . 2009-04-19 16:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-18 22:08 . 2009-04-18 22:08 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Audio Editor Deluxe

2009-04-18 22:07 . 2006-03-23 10:56 113486 ----a-w c:\windows\system32\NCTWMAProfiles.prx

2009-04-18 22:07 . 2005-05-18 09:52 1212416 ----a-w c:\windows\system32\NCTAudioInformation2.dll

2009-04-18 22:07 . 2005-05-17 10:37 1986560 ----a-w c:\windows\system32\NCTAudioFile2.dll

2009-04-18 22:07 . 2005-04-25 11:01 458752 ----a-w c:\windows\system32\NCTAudioRecord2.dll

2009-04-18 22:07 . 2005-04-25 11:01 458752 ----a-w c:\windows\system32\NCTAudioPlayer2.dll

2009-04-18 22:07 . 2005-04-15 10:08 880640 ----a-w c:\windows\system32\NCTAudioEditor2.dll

2009-04-18 22:07 . 2005-04-04 15:21 602112 ----a-w c:\windows\system32\NCTAudioTransform2.dll

2009-04-18 22:07 . 2005-03-29 05:57 2084864 ----a-w c:\windows\system32\NCTAudioDesign2.dll

2009-04-18 22:07 . 2005-03-28 13:56 417792 ----a-w c:\windows\system32\NCTAudioDisplay2.dll

2009-04-18 22:07 . 2005-03-28 13:54 479232 ----a-w c:\windows\system32\NCTAudioVisualization2.dll

2009-04-18 22:07 . 2005-02-24 09:51 348160 ----a-w c:\windows\system32\NCTWMAFile2.dll

2009-04-18 22:07 . 2004-11-04 11:31 835584 ----a-w c:\windows\system32\NCTAudioCDGrabber2.dll

2009-04-18 20:07 . 2009-04-18 20:07 -------- d-----w c:\program files\Trend Micro

2009-04-18 16:23 . 2009-04-18 16:23 67 ----a-w c:\windows\wininit.ini

2009-04-16 20:47 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-16 20:47 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-16 20:47 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe

2009-04-16 20:47 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-16 20:47 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-16 20:47 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-16 20:47 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-16 20:47 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-16 20:47 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-16 20:46 . 2009-03-27 06:59 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb

2009-04-16 20:46 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-04-14 21:09 . 2009-02-23 15:15 85281 ------w c:\windows\hpgins01.dat.temp

2009-04-14 21:09 . 2004-05-13 20:33 145 ------w c:\windows\hpgmdl01.dat.temp

2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmpFF48D.FOT

2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmpD558D.FOT

2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmpBA58D.FOT

2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmpAD58D.FOT

2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmp9F58D.FOT

2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmp5148D.FOT

2009-04-14 21:08 . 2009-04-14 21:08 1409 ----a-w c:\windows\system32\tmp4D68D.FOT

2009-04-12 12:37 . 2009-04-12 12:37 -------- d-----w c:\documents and settings\All Users\Application Data\TERMINAL Studio

2009-04-08 17:00 . 2008-12-13 12:47 40496 ----a-w c:\windows\system32\drivers\hotcore3.sys

2009-04-08 16:57 . 2009-04-08 16:57 -------- d-----w c:\program files\Paragon Software

2009-04-07 22:08 . 2009-04-07 22:08 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Talkback

2009-04-05 16:45 . 2009-04-05 16:45 -------- d-----w c:\documents and settings\Eigenaar\Application Data\TERMINAL Studio

2009-04-05 16:43 . 2007-11-06 15:46 106496 ----a-w c:\windows\system32\Astro Gemini Screensaver Manager.scr

2009-04-05 16:43 . 2009-04-05 16:43 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Astro Gemini Software

2009-04-05 16:43 . 2009-04-05 16:43 -------- d-----w c:\program files\Astro Gemini Software

2009-04-05 16:43 . 2008-08-21 10:30 12636160 ----a-w c:\windows\system32\Dinosaurs 3D Screensaver.scr

2009-04-04 12:48 . 2009-04-04 12:56 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Jetbricks

2009-04-01 14:58 . 2009-04-01 14:58 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\FileMaker

2009-03-31 16:40 . 2009-03-31 16:40 -------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop

2009-03-28 11:20 . 2009-03-28 11:20 -------- d-----w c:\documents and settings\All Users\Application Data\Gameeel

2009-03-23 15:15 . 2009-03-23 15:15 23 ----a-w c:\windows\SWFDecompiler.INI

2009-03-23 15:13 . 2009-03-27 22:53 -------- d-----w c:\program files\Common Files\SourceTec

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-21 16:19 . 2005-04-29 17:48 -------- d-----w c:\program files\Mozilla Sunbird

2009-04-21 16:10 . 2008-07-28 10:30 -------- d-----w c:\program files\SPAMfighter

2009-04-21 16:08 . 2009-01-23 19:48 130477 ----a-w C:\aaw7boot.log

2009-04-21 15:18 . 2007-05-29 10:52 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater

2009-04-19 13:44 . 2009-03-16 11:58 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-04-17 22:31 . 2008-04-13 21:59 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-04-17 06:28 . 2004-08-04 12:00 580636 ----a-w c:\windows\system32\perfh013.dat

2009-04-17 06:28 . 2004-08-04 12:00 117582 ----a-w c:\windows\system32\perfc013.dat

2009-04-10 18:43 . 2008-05-26 17:40 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-04-05 20:36 . 2009-03-15 11:34 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Gold Casual Games

2009-04-05 20:36 . 2009-03-15 11:34 -------- d-----w c:\documents and settings\All Users\Application Data\Gold Casual Games

2009-04-01 16:48 . 2009-01-28 20:36 -------- d-----w c:\program files\DivX

2009-04-01 16:48 . 2009-01-03 13:56 -------- d-----w c:\program files\TweakRAM

2009-04-01 16:48 . 2008-11-25 21:56 -------- d-----w c:\program files\QuickTime

2009-04-01 16:48 . 2008-06-17 12:32 -------- d-----w c:\program files\FotoXpert

2009-04-01 16:48 . 2008-03-03 18:22 -------- d-----w c:\program files\Windows Live Toolbar

2009-04-01 16:48 . 2008-10-05 09:38 -------- d-----w c:\documents and settings\Eigenaar\Application Data\SpinTop

2009-03-31 14:00 . 2008-12-28 17:31 -------- d-----w c:\program files\WinUtilities

2009-03-31 13:15 . 2009-03-20 20:36 -------- d-----w c:\program files\Flexbyte Software

2009-03-31 09:55 . 2009-03-14 15:49 -------- d-----w c:\program files\JLC's Software

2009-03-28 07:12 . 2008-11-25 21:58 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Apple Computer

2009-03-24 14:16 . 2009-03-20 20:37 -------- d-----w c:\documents and settings\Eigenaar\Application Data\NetStat Agent

2009-03-24 14:15 . 2008-11-25 21:57 -------- d-----w c:\program files\Bonjour

2009-03-24 08:23 . 2005-04-02 07:13 -------- d-----w c:\program files\Google

2009-03-24 07:45 . 2009-01-15 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\History Explorer

2009-03-20 14:28 . 2005-03-29 13:23 282440 ----a-w c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-03-20 14:15 . 2009-03-20 14:15 -------- d-----w c:\program files\JRE

2009-03-20 14:15 . 2009-03-20 14:15 -------- d-----w c:\program files\OpenOffice.org 3

2009-03-19 09:06 . 2005-03-31 11:06 -------- d-----w c:\program files\Topcom

2009-03-18 23:48 . 2009-03-18 23:48 -------- d-----w c:\program files\Common Files\Bcgsoft

2009-03-18 00:17 . 2007-04-22 06:06 -------- d-----w c:\program files\Microsoft SQL Server

2009-03-17 22:41 . 2009-03-17 22:41 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Windows Search

2009-03-17 22:41 . 2009-03-17 22:41 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Windows Desktop Search

2009-03-17 22:40 . 2009-03-17 22:40 -------- d-----w c:\program files\Windows Desktop Search

2009-03-17 22:20 . 2009-03-17 22:20 -------- d-----w c:\program files\Microsoft Works

2009-03-17 22:19 . 2007-02-05 10:01 -------- d-----w c:\program files\Microsoft.NET

2009-03-17 21:53 . 2009-02-05 16:56 -------- d-----w c:\program files\MSBuild

2009-03-17 16:26 . 2008-12-26 14:00 -------- d-----w c:\program files\Premium Booster

2009-03-16 11:27 . 2007-04-22 06:13 -------- d-----w c:\program files\Microsoft Small Business

2009-03-14 15:49 . 2009-03-14 15:49 -------- d-----w c:\documents and settings\Eigenaar\Application Data\JLC's Software

2009-03-14 08:31 . 2009-03-14 08:31 -------- d-----w c:\program files\SystemRequirementsLab

2009-03-14 08:31 . 2009-03-14 08:31 -------- d-----w c:\documents and settings\Eigenaar\Application Data\SystemRequirementsLab

2009-03-12 16:46 . 2008-04-14 10:56 -------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-11 16:28 . 2005-03-29 13:11 -------- d--h--w c:\program files\InstallShield Installation Information

2009-03-11 16:22 . 2005-04-06 12:19 -------- d-----w c:\program files\Pinnacle

2009-03-11 16:07 . 2009-03-08 17:16 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Vso

2009-03-09 16:12 . 2009-03-09 10:37 -------- d-----w c:\documents and settings\Eigenaar\Application Data\AVGTOOLBAR

2009-03-09 10:38 . 2008-05-26 17:40 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-03-09 10:37 . 2008-05-26 17:40 10520 ----a-w c:\windows\system32\avgrsstx.dll

2009-03-09 10:37 . 2008-05-26 17:39 -------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-03-08 17:16 . 2009-03-08 17:16 81920 ----a-w c:\documents and settings\Eigenaar\Application Data\ezpinst.exe

2009-03-08 17:16 . 2009-03-08 17:16 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2009-03-08 17:16 . 2009-03-08 17:16 47360 ----a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys

2009-03-07 23:20 . 2009-03-07 23:20 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Gamelab

2009-03-06 17:27 . 2009-01-23 17:48 15688 ----a-w c:\windows\system32\lsdelete.exe

2009-03-06 17:27 . 2009-01-23 17:27 64160 ----a-w c:\windows\system32\drivers\Lbd.sys

2009-03-06 14:23 . 2004-08-04 12:00 285696 ----a-w c:\windows\system32\pdh.dll

2009-03-04 17:35 . 2008-11-25 20:51 -------- d-----w c:\program files\MultiStage Recovery

2009-03-03 00:16 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll

2009-03-02 22:44 . 2009-03-02 22:44 -------- d-----w c:\program files\Quicksys

2009-03-01 10:05 . 2009-03-01 10:01 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Archibald's Adventures

2009-03-01 07:19 . 2008-11-19 00:01 -------- d-----w c:\program files\Common Files\Adobe AIR

2009-02-27 22:37 . 2009-02-27 22:37 -------- d-----w c:\documents and settings\All Users\Application Data\Quicksys

2009-02-27 21:21 . 2009-02-27 21:21 -------- d-----w c:\documents and settings\Eigenaar\Application Data\OpenOffice.org

2009-02-27 21:17 . 2009-02-26 12:11 -------- d-----w c:\program files\OpenOffice.org 2.4

2009-02-27 21:04 . 2008-08-07 19:39 -------- d-----w c:\documents and settings\Eigenaar\Application Data\OpenOffice.org2

2009-02-27 20:24 . 2009-02-27 17:29 -------- d-----w c:\documents and settings\Eigenaar\Application Data\RegTool

2009-02-26 12:03 . 2009-02-26 12:03 410984 ----a-w c:\windows\system32\deploytk.dll

2009-02-26 12:03 . 2006-10-29 03:14 -------- d-----w c:\program files\Java

2009-02-23 15:15 . 2005-04-04 12:27 85281 ------w c:\windows\hpgins01.dat

2009-02-23 15:14 . 2009-02-23 15:14 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard

2009-02-23 15:14 . 2005-04-04 12:28 -------- d-----w c:\program files\HP

2009-02-23 15:06 . 2005-03-31 20:50 -------- d-----w c:\program files\Hewlett-Packard

2009-02-23 14:25 . 2005-04-04 12:32 -------- d-----w c:\program files\Readiris Pro 9

2009-02-21 14:14 . 2009-02-21 14:14 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Sytexis Software

2009-02-20 17:18 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-09 14:08 . 2004-08-04 12:00 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:27 . 2004-08-04 00:58 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:27 . 2004-08-04 12:00 2149888 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:27 . 2004-08-04 12:00 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:56 . 2004-08-04 12:00 734208 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:56 . 2004-08-04 12:00 684544 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:56 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:56 . 2004-08-04 12:00 735744 ----a-w c:\windows\system32\ntdll.dll

2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe

2009-02-05 16:57 . 2009-02-05 16:57 432008 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll

2008-05-04 20:29 . 2008-05-04 20:29 9 ----a-w c:\documents and settings\Eigenaar\Application Data\mdb.bin

2008-04-03 18:09 . 2008-03-14 08:21 105272 ----a-w c:\documents and settings\Gast\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2007-11-03 16:51 . 2007-10-29 21:54 1452 ----a-w c:\documents and settings\Eigenaar\Emails.dat

2007-10-29 21:54 . 2007-10-29 21:54 10 ----a-w c:\documents and settings\Eigenaar\user.dat

2007-02-01 18:28 . 2005-04-23 16:08 56824 ----a-w c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT

2005-03-31 18:05 . 2005-03-31 18:05 131 ----a-w c:\documents and settings\Eigenaar\Local Settings\Application Data\fusioncache.dat

2008-08-30 08:56 . 2008-08-30 08:56 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008083020080831\index.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-04-21_15.28.14 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-21 16:10 . 2009-04-21 16:10 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_c48.dat

+ 2009-04-21 16:09 . 2009-04-21 16:09 16384 c:\windows\Temp\Perflib_Perfdata_8cc.dat

+ 2009-04-21 16:09 . 2009-04-21 16:09 16384 c:\windows\Temp\Perflib_Perfdata_620.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"TweakRAM"="c:\program files\TweakRAM\TweakRAM.exe" [2008-12-20 1189888]

"Wireless LAN Card Utilities"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-09-18 1696768]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-18 333120]

"QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" [2008-11-04 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172032]

c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

sunbird.exe.lnk - c:\program files\Mozilla Sunbird\sunbird.exe [2005-4-29 6354540]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-09 10:37 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Adobe Media Player.lnk]

backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

"snpstd3"=c:\windows\vsnpstd3.exe

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 ctredrv.sys;ctredrv.sys; [x]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]

R3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\DRIVERS\STK017W2.sys [2003-11-17 99476]

R3 hitmanpro2;Hitman Pro 2 Driver;c:\program files\Hitman Pro\hitmanpro2.sys [2006-11-03 10336]

R3 USRPCI;USRobotics Wireless PCI Adapter Service; [x]

R3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.SYS [2004-04-21 16384]

S0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys [2008-12-13 40496]

S0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2004-06-01 24971]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-06 64160]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-09 325640]

S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]

S1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;c:\windows\system32\drivers\DCxxMJPG.sys [2002-06-04 132940]

S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2008-12-26 95592]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-09 908056]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-09 298264]

S2 History Explorer Service;History Explorer Service;h:\giveawayoftheday\History Explorer\HistoryExplorer.Service.exe [2009-01-06 51200]

S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]

S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-14 184968]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]

S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]

.

Inhoud van de 'Gedeelde Taken' map

2009-04-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:27]

2009-04-21 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-04-21 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2008-07-19 16:02]

2009-04-21 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-29 13:38]

2009-04-21 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2009-03-15 c:\windows\Tasks\Wise Disk Cleaner 4.job

- h:\giveawayoftheday\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-03-15 19:12]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hln.be/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.be/ig?sourceid=navclient&hl=nl&ie=UTF-8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - Sign In

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\lob8pztu.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.rocketdivision.com/search/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=nl-be&FORM=MICJE3&q=

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-21 18:26

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-343818398-842925246-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(832)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1992)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\wpdshext.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\Audiodev.dll

c:\windows\system32\WMVCore.DLL

c:\windows\system32\WMASF.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

.

Voltooingstijd: 2009-04-21 18:28

ComboFix-quarantined-files.txt 2009-04-21 16:28

ComboFix2.txt 2009-04-21 15:30

Pre-Run: 10.769.453.056 bytes beschikbaar

Post-Run: 10.756.988.928 bytes beschikbaar

331 --- E O F --- 2009-04-16 23:36

Groetjes, Mikel

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\system32\tmpFF48D.FOT

c:\windows\system32\tmpD558D.FOT

c:\windows\system32\tmpBA58D.FOT

c:\windows\system32\tmpAD58D.FOT

c:\windows\system32\tmp9F58D.FOT

c:\windows\system32\tmp5148D.FOT

c:\windows\system32\tmp4D68D.FOT

Folder::

c:\program files\Hitman Pro

Driver::

ctredrv.sys

hitmanpro2.sys

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht en laat even weten of dit enige invloed heeft gehad ?

Ik kan je melden dat m'n PC merkelijk vlugger opstart (in ongev. 2.30 min. en ook vlugger alslaat bij het stoppen).

Hier de log van Combofix

ComboFix 09-04-22.A0 - Eigenaar 22/04/2009 10:45.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1023.309 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\cfscript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Nieuw herstelpunt werd aangemaakt

FILE ::

c:\windows\system32\tmp4D68D.FOT

c:\windows\system32\tmp5148D.FOT

c:\windows\system32\tmp9F58D.FOT

c:\windows\system32\tmpAD58D.FOT

c:\windows\system32\tmpBA58D.FOT

c:\windows\system32\tmpD558D.FOT

c:\windows\system32\tmpFF48D.FOT

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Hitman Pro

c:\program files\Hitman Pro\blank.ini

c:\program files\Hitman Pro\Controls.ini

c:\program files\Hitman Pro\epcompilersigs.dat

c:\program files\Hitman Pro\eppackersigs.dat

c:\program files\Hitman Pro\hitmanpro2.sys

c:\program files\Hitman Pro\Language.ini

c:\program files\Hitman Pro\logs\buynow.gif

c:\program files\Hitman Pro\logs\Hitman_Pro_2005-05-29_16-58-26.htm

c:\program files\Hitman Pro\logs\Hitman_Pro_2005-05-29_17-00-40.htm

c:\program files\Hitman Pro\logs\Hitman_Pro_2008-04-14_00-31-27.htm

c:\program files\Hitman Pro\logs\Hitman_Pro_2008-04-14_00-36-19.htm

c:\program files\Hitman Pro\logs\Hitman_Pro_2008-04-14_09-57-40.htm

c:\program files\Hitman Pro\logs\hitmanpro.jpg

c:\program files\Hitman Pro\MRCAgent.exe

c:\program files\Hitman Pro\roamingsigs

c:\program files\Hitman Pro\sigcheck.exe

c:\program files\Hitman Pro\StriderCache.ini

c:\windows\system32\tmp4D68D.FOT

c:\windows\system32\tmp5148D.FOT

c:\windows\system32\tmp9F58D.FOT

c:\windows\system32\tmpAD58D.FOT

c:\windows\system32\tmpBA58D.FOT

c:\windows\system32\tmpD558D.FOT

c:\windows\system32\tmpFF48D.FOT

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CTREDRV.SYS

-------\Service_ctredrv.sys

(((((((((((((((((((( Bestanden Gemaakt van 2009-03-22 to 2009-04-22 ))))))))))))))))))))))))))))))

.

2009-04-19 16:05 . 2009-04-19 16:05 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Malwarebytes

2009-04-19 16:05 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-19 16:05 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-19 16:05 . 2009-04-21 13:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-19 16:05 . 2009-04-19 16:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-18 22:08 . 2009-04-18 22:08 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Audio Editor Deluxe

2009-04-18 22:07 . 2006-03-23 10:56 113486 ----a-w c:\windows\system32\NCTWMAProfiles.prx

2009-04-18 22:07 . 2005-05-18 09:52 1212416 ----a-w c:\windows\system32\NCTAudioInformation2.dll

2009-04-18 22:07 . 2005-05-17 10:37 1986560 ----a-w c:\windows\system32\NCTAudioFile2.dll

2009-04-18 22:07 . 2005-04-25 11:01 458752 ----a-w c:\windows\system32\NCTAudioRecord2.dll

2009-04-18 22:07 . 2005-04-25 11:01 458752 ----a-w c:\windows\system32\NCTAudioPlayer2.dll

2009-04-18 22:07 . 2005-04-15 10:08 880640 ----a-w c:\windows\system32\NCTAudioEditor2.dll

2009-04-18 22:07 . 2005-04-04 15:21 602112 ----a-w c:\windows\system32\NCTAudioTransform2.dll

2009-04-18 22:07 . 2005-03-29 05:57 2084864 ----a-w c:\windows\system32\NCTAudioDesign2.dll

2009-04-18 22:07 . 2005-03-28 13:56 417792 ----a-w c:\windows\system32\NCTAudioDisplay2.dll

2009-04-18 22:07 . 2005-03-28 13:54 479232 ----a-w c:\windows\system32\NCTAudioVisualization2.dll

2009-04-18 22:07 . 2005-02-24 09:51 348160 ----a-w c:\windows\system32\NCTWMAFile2.dll

2009-04-18 22:07 . 2004-11-04 11:31 835584 ----a-w c:\windows\system32\NCTAudioCDGrabber2.dll

2009-04-18 20:07 . 2009-04-18 20:07 -------- d-----w c:\program files\Trend Micro

2009-04-18 16:23 . 2009-04-18 16:23 67 ----a-w c:\windows\wininit.ini

2009-04-16 20:47 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-16 20:47 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-16 20:47 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe

2009-04-16 20:47 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-16 20:47 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-16 20:47 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-16 20:47 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-16 20:47 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-16 20:47 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-16 20:46 . 2009-03-27 06:59 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb

2009-04-16 20:46 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-04-14 21:09 . 2009-02-23 15:15 85281 ------w c:\windows\hpgins01.dat.temp

2009-04-14 21:09 . 2004-05-13 20:33 145 ------w c:\windows\hpgmdl01.dat.temp

2009-04-12 12:37 . 2009-04-12 12:37 -------- d-----w c:\documents and settings\All Users\Application Data\TERMINAL Studio

2009-04-08 17:00 . 2008-12-13 12:47 40496 ----a-w c:\windows\system32\drivers\hotcore3.sys

2009-04-08 16:57 . 2009-04-08 16:57 -------- d-----w c:\program files\Paragon Software

2009-04-07 22:08 . 2009-04-07 22:08 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Talkback

2009-04-05 16:45 . 2009-04-05 16:45 -------- d-----w c:\documents and settings\Eigenaar\Application Data\TERMINAL Studio

2009-04-05 16:43 . 2007-11-06 15:46 106496 ----a-w c:\windows\system32\Astro Gemini Screensaver Manager.scr

2009-04-05 16:43 . 2009-04-05 16:43 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Astro Gemini Software

2009-04-05 16:43 . 2009-04-05 16:43 -------- d-----w c:\program files\Astro Gemini Software

2009-04-05 16:43 . 2008-08-21 10:30 12636160 ----a-w c:\windows\system32\Dinosaurs 3D Screensaver.scr

2009-04-04 12:48 . 2009-04-04 12:56 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Jetbricks

2009-04-01 14:58 . 2009-04-01 14:58 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\FileMaker

2009-03-31 16:40 . 2009-03-31 16:40 -------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop

2009-03-28 11:20 . 2009-03-28 11:20 -------- d-----w c:\documents and settings\All Users\Application Data\Gameeel

2009-03-23 15:15 . 2009-03-23 15:15 23 ----a-w c:\windows\SWFDecompiler.INI

2009-03-23 15:13 . 2009-03-27 22:53 -------- d-----w c:\program files\Common Files\SourceTec

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-22 08:54 . 2008-07-28 10:30 -------- d-----w c:\program files\SPAMfighter

2009-04-22 08:53 . 2005-04-29 17:48 -------- d-----w c:\program files\Mozilla Sunbird

2009-04-22 08:52 . 2009-01-23 19:48 132269 ----a-w C:\aaw7boot.log

2009-04-21 16:53 . 2009-04-21 16:53 26476 ----a-w C:\log21-04-09.txt

2009-04-21 16:36 . 2009-04-21 16:36 26476 ----a-w C:\log.txt

2009-04-21 15:18 . 2007-05-29 10:52 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater

2009-04-19 13:44 . 2009-03-16 11:58 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-04-17 22:31 . 2008-04-13 21:59 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-04-17 06:28 . 2004-08-04 12:00 580636 ----a-w c:\windows\system32\perfh013.dat

2009-04-17 06:28 . 2004-08-04 12:00 117582 ----a-w c:\windows\system32\perfc013.dat

2009-04-10 18:43 . 2008-05-26 17:40 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-04-05 20:36 . 2009-03-15 11:34 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Gold Casual Games

2009-04-05 20:36 . 2009-03-15 11:34 -------- d-----w c:\documents and settings\All Users\Application Data\Gold Casual Games

2009-04-01 16:48 . 2009-01-28 20:36 -------- d-----w c:\program files\DivX

2009-04-01 16:48 . 2009-01-03 13:56 -------- d-----w c:\program files\TweakRAM

2009-04-01 16:48 . 2008-11-25 21:56 -------- d-----w c:\program files\QuickTime

2009-04-01 16:48 . 2008-06-17 12:32 -------- d-----w c:\program files\FotoXpert

2009-04-01 16:48 . 2008-03-03 18:22 -------- d-----w c:\program files\Windows Live Toolbar

2009-04-01 16:48 . 2008-10-05 09:38 -------- d-----w c:\documents and settings\Eigenaar\Application Data\SpinTop

2009-03-31 14:00 . 2008-12-28 17:31 -------- d-----w c:\program files\WinUtilities

2009-03-31 13:15 . 2009-03-20 20:36 -------- d-----w c:\program files\Flexbyte Software

2009-03-31 09:55 . 2009-03-14 15:49 -------- d-----w c:\program files\JLC's Software

2009-03-28 07:12 . 2008-11-25 21:58 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Apple Computer

2009-03-24 14:16 . 2009-03-20 20:37 -------- d-----w c:\documents and settings\Eigenaar\Application Data\NetStat Agent

2009-03-24 14:15 . 2008-11-25 21:57 -------- d-----w c:\program files\Bonjour

2009-03-24 08:23 . 2005-04-02 07:13 -------- d-----w c:\program files\Google

2009-03-24 07:45 . 2009-01-15 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\History Explorer

2009-03-20 14:28 . 2005-03-29 13:23 282440 ----a-w c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-03-20 14:15 . 2009-03-20 14:15 -------- d-----w c:\program files\JRE

2009-03-20 14:15 . 2009-03-20 14:15 -------- d-----w c:\program files\OpenOffice.org 3

2009-03-19 09:06 . 2005-03-31 11:06 -------- d-----w c:\program files\Topcom

2009-03-18 23:48 . 2009-03-18 23:48 -------- d-----w c:\program files\Common Files\Bcgsoft

2009-03-18 00:17 . 2007-04-22 06:06 -------- d-----w c:\program files\Microsoft SQL Server

2009-03-17 22:41 . 2009-03-17 22:41 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Windows Search

2009-03-17 22:41 . 2009-03-17 22:41 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Windows Desktop Search

2009-03-17 22:40 . 2009-03-17 22:40 -------- d-----w c:\program files\Windows Desktop Search

2009-03-17 22:20 . 2009-03-17 22:20 -------- d-----w c:\program files\Microsoft Works

2009-03-17 22:19 . 2007-02-05 10:01 -------- d-----w c:\program files\Microsoft.NET

2009-03-17 21:53 . 2009-02-05 16:56 -------- d-----w c:\program files\MSBuild

2009-03-17 16:26 . 2008-12-26 14:00 -------- d-----w c:\program files\Premium Booster

2009-03-16 11:27 . 2007-04-22 06:13 -------- d-----w c:\program files\Microsoft Small Business

2009-03-14 15:49 . 2009-03-14 15:49 -------- d-----w c:\documents and settings\Eigenaar\Application Data\JLC's Software

2009-03-14 08:31 . 2009-03-14 08:31 -------- d-----w c:\program files\SystemRequirementsLab

2009-03-14 08:31 . 2009-03-14 08:31 -------- d-----w c:\documents and settings\Eigenaar\Application Data\SystemRequirementsLab

2009-03-12 16:46 . 2008-04-14 10:56 -------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-11 16:28 . 2005-03-29 13:11 -------- d--h--w c:\program files\InstallShield Installation Information

2009-03-11 16:22 . 2005-04-06 12:19 -------- d-----w c:\program files\Pinnacle

2009-03-11 16:07 . 2009-03-08 17:16 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Vso

2009-03-09 16:12 . 2009-03-09 10:37 -------- d-----w c:\documents and settings\Eigenaar\Application Data\AVGTOOLBAR

2009-03-09 10:38 . 2008-05-26 17:40 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-03-09 10:37 . 2008-05-26 17:40 10520 ----a-w c:\windows\system32\avgrsstx.dll

2009-03-09 10:37 . 2008-05-26 17:39 -------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-03-08 17:16 . 2009-03-08 17:16 81920 ----a-w c:\documents and settings\Eigenaar\Application Data\ezpinst.exe

2009-03-08 17:16 . 2009-03-08 17:16 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2009-03-08 17:16 . 2009-03-08 17:16 47360 ----a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys

2009-03-07 23:20 . 2009-03-07 23:20 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Gamelab

2009-03-06 17:27 . 2009-01-23 17:48 15688 ----a-w c:\windows\system32\lsdelete.exe

2009-03-06 17:27 . 2009-01-23 17:27 64160 ----a-w c:\windows\system32\drivers\Lbd.sys

2009-03-06 14:23 . 2004-08-04 12:00 285696 ----a-w c:\windows\system32\pdh.dll

2009-03-04 17:35 . 2008-11-25 20:51 -------- d-----w c:\program files\MultiStage Recovery

2009-03-03 00:16 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll

2009-03-02 22:44 . 2009-03-02 22:44 -------- d-----w c:\program files\Quicksys

2009-03-01 10:05 . 2009-03-01 10:01 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Archibald's Adventures

2009-03-01 07:19 . 2008-11-19 00:01 -------- d-----w c:\program files\Common Files\Adobe AIR

2009-02-27 22:37 . 2009-02-27 22:37 -------- d-----w c:\documents and settings\All Users\Application Data\Quicksys

2009-02-27 21:21 . 2009-02-27 21:21 -------- d-----w c:\documents and settings\Eigenaar\Application Data\OpenOffice.org

2009-02-27 21:17 . 2009-02-26 12:11 -------- d-----w c:\program files\OpenOffice.org 2.4

2009-02-27 21:04 . 2008-08-07 19:39 -------- d-----w c:\documents and settings\Eigenaar\Application Data\OpenOffice.org2

2009-02-27 20:24 . 2009-02-27 17:29 -------- d-----w c:\documents and settings\Eigenaar\Application Data\RegTool

2009-02-26 12:03 . 2009-02-26 12:03 410984 ----a-w c:\windows\system32\deploytk.dll

2009-02-26 12:03 . 2006-10-29 03:14 -------- d-----w c:\program files\Java

2009-02-23 15:15 . 2005-04-04 12:27 85281 ------w c:\windows\hpgins01.dat

2009-02-23 15:14 . 2009-02-23 15:14 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard

2009-02-23 15:14 . 2005-04-04 12:28 -------- d-----w c:\program files\HP

2009-02-23 15:06 . 2005-03-31 20:50 -------- d-----w c:\program files\Hewlett-Packard

2009-02-23 14:25 . 2005-04-04 12:32 -------- d-----w c:\program files\Readiris Pro 9

2009-02-21 14:14 . 2009-02-21 14:14 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Sytexis Software

2009-02-20 17:18 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-09 14:08 . 2004-08-04 12:00 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:27 . 2004-08-04 00:58 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:27 . 2004-08-04 12:00 2149888 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:27 . 2004-08-04 12:00 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:56 . 2004-08-04 12:00 734208 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:56 . 2004-08-04 12:00 684544 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:56 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:56 . 2004-08-04 12:00 735744 ----a-w c:\windows\system32\ntdll.dll

2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe

2009-02-05 16:57 . 2009-02-05 16:57 432008 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll

2008-05-04 20:29 . 2008-05-04 20:29 9 ----a-w c:\documents and settings\Eigenaar\Application Data\mdb.bin

2008-04-03 18:09 . 2008-03-14 08:21 105272 ----a-w c:\documents and settings\Gast\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2007-11-03 16:51 . 2007-10-29 21:54 1452 ----a-w c:\documents and settings\Eigenaar\Emails.dat

2007-10-29 21:54 . 2007-10-29 21:54 10 ----a-w c:\documents and settings\Eigenaar\user.dat

2007-02-01 18:28 . 2005-04-23 16:08 56824 ----a-w c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT

2005-03-31 18:05 . 2005-03-31 18:05 131 ----a-w c:\documents and settings\Eigenaar\Local Settings\Application Data\fusioncache.dat

2008-08-30 08:56 . 2008-08-30 08:56 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008083020080831\index.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-04-21_15.28.14 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-22 08:53 . 2009-04-22 08:53 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_bf4.dat

+ 2009-04-22 08:29 . 2009-04-22 08:29 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"TweakRAM"="c:\program files\TweakRAM\TweakRAM.exe" [2008-12-20 1189888]

"Wireless LAN Card Utilities"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-09-18 1696768]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-18 333120]

"QuickTime Task"="c:\program files\QUICKTIME\QTTask.exe" [2008-11-04 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-09 1932568]

"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-03 1385472]

c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

sunbird.exe.lnk - c:\program files\Mozilla Sunbird\sunbird.exe [2005-4-29 6354540]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-09 10:37 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Adobe Media Player.lnk]

backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

"snpstd3"=c:\windows\vsnpstd3.exe

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\DRIVERS\STK017W2.sys [2003-11-17 99476]

R3 hitmanpro2;Hitman Pro 2 Driver; [x]

R3 USRPCI;USRobotics Wireless PCI Adapter Service; [x]

R3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.SYS [2004-04-21 16384]

S0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys [2008-12-13 40496]

S0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2004-06-01 24971]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-06 64160]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-09 325640]

S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]

S1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;c:\windows\system32\drivers\DCxxMJPG.sys [2002-06-04 132940]

S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2008-12-26 95592]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-09 908056]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-09 298264]

S2 History Explorer Service;History Explorer Service;h:\giveawayoftheday\History Explorer\HistoryExplorer.Service.exe [2009-01-06 51200]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]

S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]

S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-14 184968]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]

S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]

.

Inhoud van de 'Gedeelde Taken' map

2009-04-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:27]

2009-04-22 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-04-22 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2008-07-19 16:02]

2009-04-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-29 13:38]

2009-04-22 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2009-03-15 c:\windows\Tasks\Wise Disk Cleaner 4.job

- h:\giveawayoftheday\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-03-15 19:12]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hln.be/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.be/ig?sourceid=navclient&hl=nl&ie=UTF-8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - Sign In

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\lob8pztu.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.rocketdivision.com/search/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=nl-be&FORM=MICJE3&q=

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-22 10:54

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-343818398-842925246-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(860)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3600)

c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\wpdshext.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\Audiodev.dll

c:\windows\system32\WMVCore.DLL

c:\windows\system32\WMASF.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Ahead\InCD\InCDsrv.exe

c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE

c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE

c:\windows\system32\ati2evxx.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\gearsec.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Norton Ghost\Agent\VProSvc.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\windows\system32\searchindexer.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Voltooingstijd: 2009-04-22 11:03 - machine werd herstart

ComboFix-quarantined-files.txt 2009-04-22 09:03

ComboFix2.txt 2009-04-21 16:28

ComboFix3.txt 2009-04-21 15:30

Pre-Run: 10.671.685.632 bytes beschikbaar

Post-Run: 10.549.395.456 bytes beschikbaar

391 --- E O F --- 2009-04-22 08:02

Nogmaals veel dank, Mikel

Ik kan je melden dat m'n PC merkelijk vlugger opstart (in ongev. 2.30 min. en ook vlugger alslaat bij het stoppen)

Dat is prima nieuws ... en je logjes zien er nu ook goed uit

Dit mag je doen om de resten van de besmetting op te ruimen :

Verwijder Combofix: Start -> Uitvoeren en typ: combofix /u

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Download CCleaner.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Opschonen'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

That's it !

Ik heb alles uitgevoerd zoals je me aangeprezen hebt en ik kan je meedelen dat m'n computer nu weer goed werkt.

Ik wil je nogmaals van harte bedanken voor de snelle reactie op mijn vraag en vooral op de goede werking en opvolging van het gebeuren. Ik denk wel dat ik deze zaak als opgelost kan beschouwen tenzij je nog enkele uit te voeren bewerkingen voor mij in petto hebt.

Nog een Dikke proficiat aan het bestaan en vooral aan alle medewerkers van deze Site.

Mikel