download probleem

[suske]

hopelijk is dit het 2 de gescande logje en voFile::

c:\windows\System32\drivers\xlnk.sys

c:\windows\System32\drivers\acaeh.sys

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

DDS::

mStart Page = hxxp://home.sweetim.com

Driver::

oxgijw

ylygcakor de antivirus wil ik graag verder werken met de "avg"

[suske]

oei verkeerd logje gestuurd sorry

ComboFix 11-09-27.01 - suske 27/09/2011 13:32:35.2.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.2686.1271 [GMT 2:00]

Gestart vanuit: E:\ComboFix.exe

gebruikte Opdracht switches :: c:\users\suske\Desktop\cfscript - Snelkoppeling.lnk

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Panda Antivirus Pro 2010 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Panda Antivirus Pro 2010 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-27 to 2011-09-27 ))))))))))))))))))))))))))))))

.

.

2011-09-27 12:04 . 2011-09-27 12:04 -------- d-----w- c:\users\suske\AppData\Local\temp

2011-09-27 12:04 . 2011-09-27 12:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\users\suske\AppData\Roaming\Malwarebytes

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\programdata\Malwarebytes

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-20 09:08 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-20 08:03 . 2011-09-20 08:03 388096 ----a-r- c:\users\suske\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-20 08:03 . 2011-09-20 08:03 -------- d-----w- c:\program files\Trend Micro

2011-09-18 09:06 . 2011-09-18 09:06 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2011-09-18 09:06 . 2011-09-18 09:07 -------- d-----w- c:\program files\AVG Secure Search

2011-09-18 08:51 . 2011-09-18 08:51 -------- d-----w- c:\users\suske\AppData\Local\Panda Security

2011-09-18 08:50 . 2007-03-15 17:38 54832 ----a-w- c:\windows\system32\pavcpl.cpl

2011-09-18 08:50 . 2003-10-22 16:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll

2011-09-18 08:49 . 2009-03-30 16:23 193792 ----a-w- c:\windows\system32\TpUtil.dll

2011-09-18 08:49 . 2009-03-30 16:22 87296 ----a-w- c:\windows\system32\PavLspHook.dll

2011-09-18 08:49 . 2009-03-30 16:22 55552 ----a-w- c:\windows\system32\pavipc.dll

2011-09-18 08:49 . 2007-02-08 08:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL

2011-09-18 08:49 . 2009-03-30 16:22 518400 ----a-w- c:\windows\system32\PavSHook.dll

2011-09-18 08:49 . 2009-08-06 10:29 49160 ----a-w- c:\windows\system32\drivers\amm8660.sys

2011-09-18 08:49 . 2008-03-18 14:58 58672 ----a-w- c:\windows\system32\avldr.dll

2011-09-18 08:49 . 2011-09-18 08:49 -------- d-----w- c:\windows\system32\PAV

2011-09-18 08:49 . 2011-09-18 08:50 -------- d-----w- c:\program files\Panda Security

2011-09-18 08:49 . 2011-09-18 08:49 -------- d-----w- c:\users\suske\AppData\Roaming\Panda Security

2011-09-18 08:49 . 2011-09-18 08:49 -------- d-----w- c:\programdata\Panda Security

2011-09-18 08:13 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2011-09-18 08:12 . 2011-09-18 08:12 -------- d-----w- c:\program files\Common Files\Panda Security

2011-09-18 08:12 . 2009-06-30 15:17 163336 ----a-r- c:\windows\system32\drivers\PavProc.sys

2011-09-18 08:12 . 2008-03-04 13:59 41144 ----a-r- c:\windows\system32\drivers\ShlDrv51.sys

2011-09-17 12:54 . 2011-09-17 12:54 -------- d-----w- c:\program files\ESET

2011-09-17 12:31 . 2011-09-17 12:33 -------- d--h--w- c:\windows\msdownld.tmp

2011-09-17 10:28 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-09-02 07:35 . 2011-09-02 07:35 -------- d-----w- c:\users\suske\Documents steaker

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-26 15:04 . 2011-05-22 03:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-25 11:21 . 2011-08-25 11:21 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-24 09:19 . 2011-07-24 09:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-07-22 02:54 . 2011-08-20 07:37 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-20 07:37 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-20 07:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-11 13:25 . 2011-08-25 08:58 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-06 15:31 . 2011-08-19 06:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

2011-06-27 10:05 175912 ----a-w- c:\program files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-09-18 09:06 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95324e44-4b0a-47a9-8f77-9c6415e51c29}"= "c:\program files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll" [2011-06-27 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-18 1451336]

.

[HKEY_CLASSES_ROOT\clsid\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{95324E44-4B0A-47A9-8F77-9C6415E51C29}"= "c:\program files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll" [2011-06-27 175912]

.

[HKEY_CLASSES_ROOT\clsid\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-09-22 366024]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-21 202024]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]

"Skytel"="Skytel.exe" [2007-08-03 1826816]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-08-31 660136]

"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-08-31 16040]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2009-08-31 320168]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]

"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-09-25 906496]

"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-08-12 56064]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-18 218440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 14:58 58672 ----a-w- c:\windows\System32\avldr.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-08-21 13:52 1422632 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2007-08-17 05:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-08-03 05:22 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]

2008-02-04 09:13 1038136 ----a-w- c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-20 20:57 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-03-01 13:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]

2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R0 oxgijw;oxgijw;c:\windows\System32\drivers\xlnk.sys [x]

R0 ylygcak;ylygcak;c:\windows\System32\drivers\acaeh.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 136176]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-09-26 1355520]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2009-06-30 28552]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]

S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]

S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2009-08-06 49160]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost [x]

S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2009-08-13 594600]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2009-08-13 98984]

S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2009-06-30 163336]

S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe [2009-08-25 28928]

S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-09-17 24576]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-18 246600]

S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]

S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]

S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

panda REG_MULTI_SZ Gwmsrv

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 17:01]

.

2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 17:01]

.

2011-09-27 c:\windows\Tasks\Uitgebreide garantie-suske.job

- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-10-14 09:13]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://home.sweetim.com

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-27 14:04

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(6652)

c:\program files\Iminent\IMBooster\Iminent.WinCore.dll

.

Voltooingstijd: 2011-09-27 14:08:19

ComboFix-quarantined-files.txt 2011-09-27 12:08

ComboFix2.txt 2011-09-27 10:59

.

Pre-Run: 122.095.800.320 bytes beschikbaar

Post-Run: 122.067.791.872 bytes beschikbaar

.

- - End Of File - - 3097145571AF7A0881CCF874ACDA90E4

[kape]

Dit is niet goed gegaan ... je hebt de opdracht opgeslagen als een snelkoppeling, maar het moet als een bestandje zijn. De opdracht invoeren in een kladblok en dan opslaan als CFScript.txt. Sleep dan CFScript.txt in de rode snelkoppeling van ComboFix op je bureaublad. Dan start Combofix opnieuw op en worden de aangeduide items verwijderd. Daarna mag je - ter controle - een nieuw log van Combofix plaatsen in een volgend bericht.

[suske]

hallo ,

hier het logje van combofix

ComboFix 11-09-28.01 - suske 28/09/2011 9:59.3.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.2686.1574 [GMT 2:00]

Gestart vanuit: E:\ComboFix.exe

gebruikte Opdracht switches :: c:\users\suske\Desktop\cfscript.txt. - Snelkoppeling.lnk

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Panda Antivirus Pro 2010 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Panda Antivirus Pro 2010 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-28 to 2011-09-28 ))))))))))))))))))))))))))))))

.

.

2011-09-28 08:14 . 2011-09-28 08:15 -------- d-----w- c:\users\suske\AppData\Local\temp

2011-09-28 08:14 . 2011-09-28 08:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\users\suske\AppData\Roaming\Malwarebytes

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\programdata\Malwarebytes

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-20 09:08 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-20 08:03 . 2011-09-20 08:03 388096 ----a-r- c:\users\suske\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-20 08:03 . 2011-09-20 08:03 -------- d-----w- c:\program files\Trend Micro

2011-09-18 09:06 . 2011-09-18 09:06 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2011-09-18 09:06 . 2011-09-18 09:07 -------- d-----w- c:\program files\AVG Secure Search

2011-09-18 08:51 . 2011-09-18 08:51 -------- d-----w- c:\users\suske\AppData\Local\Panda Security

2011-09-18 08:50 . 2007-03-15 17:38 54832 ----a-w- c:\windows\system32\pavcpl.cpl

2011-09-18 08:50 . 2003-10-22 16:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll

2011-09-18 08:49 . 2009-03-30 16:23 193792 ----a-w- c:\windows\system32\TpUtil.dll

2011-09-18 08:49 . 2009-03-30 16:22 87296 ----a-w- c:\windows\system32\PavLspHook.dll

2011-09-18 08:49 . 2009-03-30 16:22 55552 ----a-w- c:\windows\system32\pavipc.dll

2011-09-18 08:49 . 2007-02-08 08:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL

2011-09-18 08:49 . 2009-03-30 16:22 518400 ----a-w- c:\windows\system32\PavSHook.dll

2011-09-18 08:49 . 2009-08-06 10:29 49160 ----a-w- c:\windows\system32\drivers\amm8660.sys

2011-09-18 08:49 . 2008-03-18 14:58 58672 ----a-w- c:\windows\system32\avldr.dll

2011-09-18 08:49 . 2011-09-18 08:49 -------- d-----w- c:\windows\system32\PAV

2011-09-18 08:49 . 2011-09-18 08:50 -------- d-----w- c:\program files\Panda Security

2011-09-18 08:49 . 2011-09-18 08:49 -------- d-----w- c:\users\suske\AppData\Roaming\Panda Security

2011-09-18 08:49 . 2011-09-18 08:49 -------- d-----w- c:\programdata\Panda Security

2011-09-18 08:13 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2011-09-18 08:12 . 2011-09-18 08:12 -------- d-----w- c:\program files\Common Files\Panda Security

2011-09-18 08:12 . 2009-06-30 15:17 163336 ----a-r- c:\windows\system32\drivers\PavProc.sys

2011-09-18 08:12 . 2008-03-04 13:59 41144 ----a-r- c:\windows\system32\drivers\ShlDrv51.sys

2011-09-17 12:54 . 2011-09-17 12:54 -------- d-----w- c:\program files\ESET

2011-09-17 12:31 . 2011-09-17 12:33 -------- d--h--w- c:\windows\msdownld.tmp

2011-09-17 10:28 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-09-02 07:35 . 2011-09-02 07:35 -------- d-----w- c:\users\suske\Documents steaker

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-26 15:04 . 2011-05-22 03:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-25 11:21 . 2011-08-25 11:21 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-24 09:19 . 2011-07-24 09:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-07-22 02:54 . 2011-08-20 07:37 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-20 07:37 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-20 07:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-11 13:25 . 2011-08-25 08:58 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-06 15:31 . 2011-08-19 06:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-27_10.36.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2011-09-28 07:41 79434 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:02 . 2011-09-28 07:41 93490 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-04-11 10:01 . 2011-09-27 08:49 23284 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4055620263-2327395932-440613682-1000_UserData.bin

+ 2009-04-11 10:01 . 2011-09-28 07:41 23284 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4055620263-2327395932-440613682-1000_UserData.bin

+ 2009-04-11 09:57 . 2011-09-28 07:45 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-04-11 09:57 . 2011-09-27 08:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-04-11 09:57 . 2011-09-27 08:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-04-11 09:57 . 2011-09-28 07:45 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-04-11 09:57 . 2011-09-28 07:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-04-11 09:57 . 2011-09-27 08:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-09-27 08:40 . 2011-09-27 08:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-28 07:31 . 2011-09-28 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-28 07:31 . 2011-09-28 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-09-27 08:40 . 2011-09-27 08:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-31 23:40 . 2011-09-27 08:40 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-31 23:40 . 2011-09-28 07:31 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-02-19 09:02 . 2011-09-27 08:13 386072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-02-19 09:02 . 2011-09-27 13:32 386072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-06-20 20:00 . 2011-09-27 08:13 5819540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-8192.dat

+ 2011-06-20 20:00 . 2011-09-27 13:32 5819540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-8192.dat

- 2011-06-23 14:28 . 2011-09-23 14:40 1721331 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-12288.dat

+ 2011-06-23 14:28 . 2011-09-27 12:10 1721331 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-12288.dat

+ 2011-06-22 16:32 . 2011-09-27 13:32 16973144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

2011-06-27 10:05 175912 ----a-w- c:\program files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-09-18 09:06 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95324e44-4b0a-47a9-8f77-9c6415e51c29}"= "c:\program files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll" [2011-06-27 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-18 1451336]

.

[HKEY_CLASSES_ROOT\clsid\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{95324E44-4B0A-47A9-8F77-9C6415E51C29}"= "c:\program files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll" [2011-06-27 175912]

.

[HKEY_CLASSES_ROOT\clsid\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-09-22 366024]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-21 202024]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]

"Skytel"="Skytel.exe" [2007-08-03 1826816]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-08-31 660136]

"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-08-31 16040]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2009-08-31 320168]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]

"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-09-25 906496]

"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-08-12 56064]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-18 218440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 14:58 58672 ----a-w- c:\windows\System32\avldr.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-08-21 13:52 1422632 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2007-08-17 05:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-08-03 05:22 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]

2008-02-04 09:13 1038136 ----a-w- c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-20 20:57 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-03-01 13:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]

2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R0 oxgijw;oxgijw;c:\windows\System32\drivers\xlnk.sys [x]

R0 ylygcak;ylygcak;c:\windows\System32\drivers\acaeh.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 136176]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-09-26 1355520]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2009-06-30 28552]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]

S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]

S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2009-08-06 49160]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost [x]

S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2009-08-13 594600]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2009-08-13 98984]

S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2009-06-30 163336]

S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe [2009-08-25 28928]

S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-09-17 24576]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-18 246600]

S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]

S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]

S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

panda REG_MULTI_SZ Gwmsrv

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 17:01]

.

2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 17:01]

.

2011-09-28 c:\windows\Tasks\Uitgebreide garantie-suske.job

- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-10-14 09:13]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://home.sweetim.com

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 195.130.131.129 195.130.130.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-28 10:15

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(3808)

c:\program files\Iminent\IMBooster\Iminent.WinCore.dll

c:\windows\system32\stobject.dll

.

Voltooingstijd: 2011-09-28 10:38:10

ComboFix-quarantined-files.txt 2011-09-28 08:37

ComboFix2.txt 2011-09-27 12:08

ComboFix3.txt 2011-09-27 10:59

.

Pre-Run: 121.995.243.520 bytes beschikbaar

Post-Run: 121.955.000.320 bytes beschikbaar

.

- - End Of File - - 7378A4C15E51945CB4532D9034E4EDDA

[suske]

hallo ,

hier het logje van combofix

ComboFix 11-09-28.01 - suske 28/09/2011 9:59.3.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.2686.1574 [GMT 2:00]

Gestart vanuit: E:\ComboFix.exe

gebruikte Opdracht switches :: c:\users\suske\Desktop\cfscript.txt. - Snelkoppeling.lnk

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Panda Antivirus Pro 2010 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Panda Antivirus Pro 2010 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-28 to 2011-09-28 ))))))))))))))))))))))))))))))

.

.

2011-09-28 08:14 . 2011-09-28 08:15 -------- d-----w- c:\users\suske\AppData\Local\temp

2011-09-28 08:14 . 2011-09-28 08:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\users\suske\AppData\Roaming\Malwarebytes

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\programdata\Malwarebytes

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-20 09:08 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-20 08:03 . 2011-09-20 08:03 388096 ----a-r- c:\users\suske\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-20 08:03 . 2011-09-20 08:03 -------- d-----w- c:\program files\Trend Micro

2011-09-18 09:06 . 2011-09-18 09:06 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2011-09-18 09:06 . 2011-09-18 09:07 -------- d-----w- c:\program files\AVG Secure Search

2011-09-18 08:51 . 2011-09-18 08:51 -------- d-----w- c:\users\suske\AppData\Local\Panda Security

2011-09-18 08:50 . 2007-03-15 17:38 54832 ----a-w- c:\windows\system32\pavcpl.cpl

2011-09-18 08:50 . 2003-10-22 16:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll

2011-09-18 08:49 . 2009-03-30 16:23 193792 ----a-w- c:\windows\system32\TpUtil.dll

2011-09-18 08:49 . 2009-03-30 16:22 87296 ----a-w- c:\windows\system32\PavLspHook.dll

2011-09-18 08:49 . 2009-03-30 16:22 55552 ----a-w- c:\windows\system32\pavipc.dll

2011-09-18 08:49 . 2007-02-08 08:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL

2011-09-18 08:49 . 2009-03-30 16:22 518400 ----a-w- c:\windows\system32\PavSHook.dll

2011-09-18 08:49 . 2009-08-06 10:29 49160 ----a-w- c:\windows\system32\drivers\amm8660.sys

2011-09-18 08:49 . 2008-03-18 14:58 58672 ----a-w- c:\windows\system32\avldr.dll

2011-09-18 08:49 . 2011-09-18 08:49 -------- d-----w- c:\windows\system32\PAV

2011-09-18 08:49 . 2011-09-18 08:50 -------- d-----w- c:\program files\Panda Security

2011-09-18 08:49 . 2011-09-18 08:49 -------- d-----w- c:\users\suske\AppData\Roaming\Panda Security

2011-09-18 08:49 . 2011-09-18 08:49 -------- d-----w- c:\programdata\Panda Security

2011-09-18 08:13 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2011-09-18 08:12 . 2011-09-18 08:12 -------- d-----w- c:\program files\Common Files\Panda Security

2011-09-18 08:12 . 2009-06-30 15:17 163336 ----a-r- c:\windows\system32\drivers\PavProc.sys

2011-09-18 08:12 . 2008-03-04 13:59 41144 ----a-r- c:\windows\system32\drivers\ShlDrv51.sys

2011-09-17 12:54 . 2011-09-17 12:54 -------- d-----w- c:\program files\ESET

2011-09-17 12:31 . 2011-09-17 12:33 -------- d--h--w- c:\windows\msdownld.tmp

2011-09-17 10:28 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-09-02 07:35 . 2011-09-02 07:35 -------- d-----w- c:\users\suske\Documents steaker

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-26 15:04 . 2011-05-22 03:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-25 11:21 . 2011-08-25 11:21 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-24 09:19 . 2011-07-24 09:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-07-22 02:54 . 2011-08-20 07:37 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-20 07:37 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-20 07:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-11 13:25 . 2011-08-25 08:58 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-06 15:31 . 2011-08-19 06:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-27_10.36.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2011-09-28 07:41 79434 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:02 . 2011-09-28 07:41 93490 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-04-11 10:01 . 2011-09-27 08:49 23284 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4055620263-2327395932-440613682-1000_UserData.bin

+ 2009-04-11 10:01 . 2011-09-28 07:41 23284 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4055620263-2327395932-440613682-1000_UserData.bin

+ 2009-04-11 09:57 . 2011-09-28 07:45 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-04-11 09:57 . 2011-09-27 08:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-04-11 09:57 . 2011-09-27 08:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-04-11 09:57 . 2011-09-28 07:45 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-04-11 09:57 . 2011-09-28 07:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-04-11 09:57 . 2011-09-27 08:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-09-27 08:40 . 2011-09-27 08:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-28 07:31 . 2011-09-28 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-28 07:31 . 2011-09-28 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-09-27 08:40 . 2011-09-27 08:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-31 23:40 . 2011-09-27 08:40 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-31 23:40 . 2011-09-28 07:31 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-02-19 09:02 . 2011-09-27 08:13 386072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-02-19 09:02 . 2011-09-27 13:32 386072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-06-20 20:00 . 2011-09-27 08:13 5819540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-8192.dat

+ 2011-06-20 20:00 . 2011-09-27 13:32 5819540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-8192.dat

- 2011-06-23 14:28 . 2011-09-23 14:40 1721331 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-12288.dat

+ 2011-06-23 14:28 . 2011-09-27 12:10 1721331 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-12288.dat

+ 2011-06-22 16:32 . 2011-09-27 13:32 16973144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

2011-06-27 10:05 175912 ----a-w- c:\program files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-09-18 09:06 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95324e44-4b0a-47a9-8f77-9c6415e51c29}"= "c:\program files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll" [2011-06-27 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-18 1451336]

.

[HKEY_CLASSES_ROOT\clsid\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{95324E44-4B0A-47A9-8F77-9C6415E51C29}"= "c:\program files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll" [2011-06-27 175912]

.

[HKEY_CLASSES_ROOT\clsid\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-09-22 366024]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-21 202024]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]

"Skytel"="Skytel.exe" [2007-08-03 1826816]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-08-31 660136]

"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-08-31 16040]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2009-08-31 320168]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]

"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-09-25 906496]

"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-08-12 56064]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-18 218440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 14:58 58672 ----a-w- c:\windows\System32\avldr.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-08-21 13:52 1422632 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2007-08-17 05:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-08-03 05:22 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]

2008-02-04 09:13 1038136 ----a-w- c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-20 20:57 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-03-01 13:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]

2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R0 oxgijw;oxgijw;c:\windows\System32\drivers\xlnk.sys [x]

R0 ylygcak;ylygcak;c:\windows\System32\drivers\acaeh.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 136176]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-09-26 1355520]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2009-06-30 28552]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]

S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]

S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2009-08-06 49160]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost [x]

S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2009-08-13 594600]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2009-08-13 98984]

S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2009-06-30 163336]

S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe [2009-08-25 28928]

S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-09-17 24576]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-18 246600]

S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]

S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]

S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

panda REG_MULTI_SZ Gwmsrv

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 17:01]

.

2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 17:01]

.

2011-09-28 c:\windows\Tasks\Uitgebreide garantie-suske.job

- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-10-14 09:13]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://home.sweetim.com

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 195.130.131.129 195.130.130.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-28 10:15

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(3808)

c:\program files\Iminent\IMBooster\Iminent.WinCore.dll

c:\windows\system32\stobject.dll

.

Voltooingstijd: 2011-09-28 10:38:10

ComboFix-quarantined-files.txt 2011-09-28 08:37

ComboFix2.txt 2011-09-27 12:08

ComboFix3.txt 2011-09-27 10:59

.

Pre-Run: 121.995.243.520 bytes beschikbaar

Post-Run: 121.955.000.320 bytes beschikbaar

.

- - End Of File - - 7378A4C15E51945CB4532D9034E4EDDA

[kape]

Hier heb je opnieuw dezelfde bewerking gedaan als in je eerdere log, via een snelkoppeling c:\users\suske\Desktop\cfscript.txt. - Snelkoppeling.lnk. Het is echter het bestandje cfscript.txt dat je in het logo van Combofix moet slepen. Dan pas gaan de noodzakelijke verwijderingen gebeuren.

[suske]

suske , als ik de scan doe krijg ik toch de volledige scan op kladblok ?

deze sleep ik dan in de combofix (deze hierboven) vind geen andere

[kape]

Dat klopt wel, maar daar kan je het probleem niet mee oplossen. De naam van het bestandje dat je moet maken, is belangrijk om de fouten te kunnen verbeteren. Hier nog even hoe je het correct moet doen :

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\System32\drivers\xlnk.sys

c:\windows\System32\drivers\acaeh.sys

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

DDS::

mStart Page = hxxp://home.sweetim.com

Driver::

oxgijw

ylygcak

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in de rode snelkoppeling van ComboFix op je bureaublad.

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

[suske]

suske, hopelijk is dit het juiste logje

ComboFix 11-09-28.01 - suske 28/09/2011 13:46:24.4.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.2686.1499 [GMT 2:00]

Gestart vanuit: E:\ComboFix.exe

gebruikte Opdracht switches :: c:\users\suske\Desktop\cfscript.txt.lnk

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Panda Antivirus Pro 2010 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Panda Antivirus Pro 2010 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-28 to 2011-09-28 ))))))))))))))))))))))))))))))

.

.

2011-09-28 12:02 . 2011-09-28 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-28 08:38 . 2011-09-28 12:03 -------- d-----w- c:\users\suske\AppData\Local\temp

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\users\suske\AppData\Roaming\Malwarebytes

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\programdata\Malwarebytes

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-20 09:08 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-20 08:03 . 2011-09-20 08:03 388096 ----a-r- c:\users\suske\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-20 08:03 . 2011-09-20 08:03 -------- d-----w- c:\program files\Trend Micro

2011-09-18 09:06 . 2011-09-18 09:06 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2011-09-18 09:06 . 2011-09-18 09:07 -------- d-----w- c:\program files\AVG Secure Search

2011-09-18 08:51 . 2011-09-18 08:51 -------- d-----w- c:\users\suske\AppData\Local\Panda Security

2011-09-18 08:50 . 2007-03-15 17:38 54832 ----a-w- c:\windows\system32\pavcpl.cpl

2011-09-18 08:50 . 2003-10-22 16:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll

2011-09-18 08:49 . 2009-03-30 16:23 193792 ----a-w- c:\windows\system32\TpUtil.dll

2011-09-18 08:49 . 2009-03-30 16:22 87296 ----a-w- c:\windows\system32\PavLspHook.dll

2011-09-18 08:49 . 2009-03-30 16:22 55552 ----a-w- c:\windows\system32\pavipc.dll

2011-09-18 08:49 . 2007-02-08 08:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL

2011-09-18 08:49 . 2009-03-30 16:22 518400 ----a-w- c:\windows\system32\PavSHook.dll

2011-09-18 08:49 . 2009-08-06 10:29 49160 ----a-w- c:\windows\system32\drivers\amm8660.sys

2011-09-18 08:49 . 2008-03-18 14:58 58672 ----a-w- c:\windows\system32\avldr.dll

2011-09-18 08:49 . 2011-09-18 08:49 -------- d-----w- c:\windows\system32\PAV

2011-09-18 08:49 . 2011-09-18 08:50 -------- d-----w- c:\program files\Panda Security

2011-09-18 08:49 . 2011-09-18 08:49 -------- d-----w- c:\users\suske\AppData\Roaming\Panda Security

2011-09-18 08:49 . 2011-09-18 08:49 -------- d-----w- c:\programdata\Panda Security

2011-09-18 08:13 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2011-09-18 08:12 . 2011-09-18 08:12 -------- d-----w- c:\program files\Common Files\Panda Security

2011-09-18 08:12 . 2009-06-30 15:17 163336 ----a-r- c:\windows\system32\drivers\PavProc.sys

2011-09-18 08:12 . 2008-03-04 13:59 41144 ----a-r- c:\windows\system32\drivers\ShlDrv51.sys

2011-09-17 12:54 . 2011-09-17 12:54 -------- d-----w- c:\program files\ESET

2011-09-17 12:31 . 2011-09-17 12:33 -------- d--h--w- c:\windows\msdownld.tmp

2011-09-17 10:28 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-09-02 07:35 . 2011-09-02 07:35 -------- d-----w- c:\users\suske\Documents steaker

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-26 15:04 . 2011-05-22 03:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-25 11:21 . 2011-08-25 11:21 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-24 09:19 . 2011-07-24 09:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-07-22 02:54 . 2011-08-20 07:37 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-20 07:37 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-20 07:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-11 13:25 . 2011-08-25 08:58 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-06 15:31 . 2011-08-19 06:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-27_10.36.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2011-09-28 08:50 79466 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:02 . 2011-09-28 08:51 93490 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-04-11 10:01 . 2011-09-27 08:49 23284 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4055620263-2327395932-440613682-1000_UserData.bin

+ 2009-04-11 10:01 . 2011-09-28 08:51 23284 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4055620263-2327395932-440613682-1000_UserData.bin

+ 2009-04-11 09:57 . 2011-09-28 11:01 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-04-11 09:57 . 2011-09-27 08:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-04-11 09:57 . 2011-09-27 08:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-04-11 09:57 . 2011-09-28 11:01 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-04-11 09:57 . 2011-09-28 11:01 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-04-11 09:57 . 2011-09-27 08:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-09-27 08:40 . 2011-09-27 08:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-28 08:42 . 2011-09-28 08:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-09-27 08:40 . 2011-09-27 08:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-09-28 08:42 . 2011-09-28 08:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-31 23:40 . 2011-09-28 08:42 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-31 23:40 . 2011-09-27 08:40 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-02-19 09:02 . 2011-09-28 08:41 386072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-02-19 09:02 . 2011-09-27 08:13 386072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-06-20 20:00 . 2011-09-28 08:41 5819540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-8192.dat

- 2011-06-20 20:00 . 2011-09-27 08:13 5819540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-8192.dat

+ 2011-06-23 14:28 . 2011-09-27 12:10 1721331 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-12288.dat

- 2011-06-23 14:28 . 2011-09-23 14:40 1721331 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-12288.dat

+ 2011-06-22 16:32 . 2011-09-28 08:41 16973144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4055620263-2327395932-440613682-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

2011-06-27 10:05 175912 ----a-w- c:\program files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-09-18 09:06 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95324e44-4b0a-47a9-8f77-9c6415e51c29}"= "c:\program files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll" [2011-06-27 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-18 1451336]

.

[HKEY_CLASSES_ROOT\clsid\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{95324E44-4B0A-47A9-8F77-9C6415E51C29}"= "c:\program files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll" [2011-06-27 175912]

.

[HKEY_CLASSES_ROOT\clsid\{95324e44-4b0a-47a9-8f77-9c6415e51c29}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-09-22 366024]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-21 202024]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]

"Skytel"="Skytel.exe" [2007-08-03 1826816]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-08-31 660136]

"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-08-31 16040]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2009-08-31 320168]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]

"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-09-25 906496]

"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-08-12 56064]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-18 218440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 14:58 58672 ----a-w- c:\windows\System32\avldr.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-08-21 13:52 1422632 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2007-08-17 05:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-08-03 05:22 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]

2008-02-04 09:13 1038136 ----a-w- c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-20 20:57 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-03-01 13:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]

2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R0 oxgijw;oxgijw;c:\windows\System32\drivers\xlnk.sys [x]

R0 ylygcak;ylygcak;c:\windows\System32\drivers\acaeh.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 136176]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-09-26 1355520]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2009-06-30 28552]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]

S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]

S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2009-08-06 49160]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost [x]

S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2009-08-13 594600]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2009-08-13 98984]

S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2009-06-30 163336]

S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe [2009-08-25 28928]

S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-09-17 24576]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-18 246600]

S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]

S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]

S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

panda REG_MULTI_SZ Gwmsrv

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 17:01]

.

2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 17:01]

.

2011-09-28 c:\windows\Tasks\Uitgebreide garantie-suske.job

- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-10-14 09:13]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://home.sweetim.com

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 195.130.131.129 195.130.130.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-28 14:03

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(4872)

c:\program files\Iminent\IMBooster\Iminent.WinCore.dll

.

Voltooingstijd: 2011-09-28 14:27:48

ComboFix-quarantined-files.txt 2011-09-28 12:27

ComboFix2.txt 2011-09-28 08:38

ComboFix3.txt 2011-09-27 12:08

ComboFix4.txt 2011-09-27 10:59

.

Pre-Run: 121.961.734.144 bytes beschikbaar

Post-Run: 121.926.742.016 bytes beschikbaar

.

- - End Of File - - ACD8C8E8355FDB4F204D9FBED8099F37

---------- Post toegevoegd om 14:45 ---------- Vorige post was om 14:38 ----------

is dit het nieuwe logje van "hijackthis" ?

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:44:59 , on 28/09/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Lexmark 2600 Series\lxdnmon.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Iminent\IMBooster\IMBooster.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Family Safety\fsui.exe

C:\Program Files\Panda Security\Panda Antivirus Pro 2010\ApVxdWin.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe

C:\Program Files\IncrediMail\Bin\ImApp.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IncrediMail MediaBar Nederlands 2 - {95324e44-4b0a-47a9-8f77-9c6415e51c29} - C:\Program Files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: IncrediMail MediaBar Nederlands 2 Toolbar - {95324e44-4b0a-47a9-8f77-9c6415e51c29} - C:\Program Files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"

O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [iMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE

O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe

O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe

O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe

O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

--

End of file - 11918 bytes

---------- Post toegevoegd om 14:47 ---------- Vorige post was om 14:45 ----------

is dit het juiste logje van "hijackthis" ?

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:44:59 , on 28/09/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Lexmark 2600 Series\lxdnmon.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Iminent\IMBooster\IMBooster.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Family Safety\fsui.exe

C:\Program Files\Panda Security\Panda Antivirus Pro 2010\ApVxdWin.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe

C:\Program Files\IncrediMail\Bin\ImApp.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IncrediMail MediaBar Nederlands 2 - {95324e44-4b0a-47a9-8f77-9c6415e51c29} - C:\Program Files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: IncrediMail MediaBar Nederlands 2 Toolbar - {95324e44-4b0a-47a9-8f77-9c6415e51c29} - C:\Program Files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"

O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [iMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE

O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe

O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe

O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe

O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

--

End of file - 11918 bytes

[kape]

Het is nog steeds niet goed gegaan ... kijk nog eens naar de naam van het bestand dat je hebt opgeslagen : c:\users\suske\Desktop\cfscript.txt.lnk. Die .lnk is er teveel aan. Zo gaat het nooit werken. De correcte naam is cfscript.txt (zonder toevoegsel).

En het logje van HijackThis is wel een recent log, maar ook daar zijn de foute aanduidingen niet verwijderd ? Heb je het verwijderen uitgevoerd als "administrator" ? Een Vista-gebruiker moet dat immers op die manier doen. Best even herhalen in "veilige modus" én als administrator. Daarna mag je weer een actueel logje van HijackThis posten.