Emperor

Member
  • Items

    77
  • Registration date

  • Last visited

Everything posted by Emperor

  1. Can't get Adobe CS3 uninstalled. It doesn't work via the Adobe Creative Suite Cleaner Tool either. Then tried CCleaner. But still the same problem. A size of 2.586MB is displayed. Perhaps a detail: the software list does not say Adobe CS3, it says 'Add or remove Adobe CS3 Design Premium'...
  2. Will give it a quick try. No problem if it wasn't an official version?
  3. A while ago I tried to install Adobe CS3. The installation failed because I now use Windows 7. I tried to cancel the installation, but that didn't work. It doesn't work via Control Panel -> Uninstall a program either. I can see Adobe CS3 in the list, but nothing happens when I choose uninstall. At every startup of Windows 7, and with every Office program I start, Adobe automatically attempts to install a plug-in. It looks for the installation disc (which isn't present at that moment, because the installation doesn't succeed anyway), and I have to cancel (or abort) that installation every time, but that costs a lot of time and memory, because the Office program hangs for a moment before starting up... Can anyone help me? Greetings, Emperor
  4. How can I change the administrator authorization? The PC is only used by myself and my wife. So everything may be changed, installed, uninstalled, ... by the 2 known users. But when I try to remove a program via Control Panel -> Uninstall a program, in some cases I am told that I don't have the rights to do so... In Explorer there are padlocks in front of some folders, but not in front of others. I can change those settings, but that doesn't always work (sometimes also the message that I don't have the rights to do this), and it is also very time-consuming. Installing software didn't always work either, but that seems to be avoidable by choosing 'Run as administrator'. Does anyone have a suggestion to solve this quickly and thoroughly? Greetings, Emperor
  5. No, I don't have any other PC Tools programs installed. That Conduit is gone, and the Babylon one is gone from Program Files too, only that folder was called myBabylon_english.
  6. Yes, that's Spyware Doctor. Any idea what to do with it (apparently only the scan is free, by the way, cleaning up the files is paid :s )? PS: I will remove that ConduitEngine.
  7. I have the impression that the PC is working faster again. In 'Control Panel' and 'Software' I also removed some programs that I no longer needed, and that went fine. Only that Babylon seems to stay on there. It no longer starts automatically, but when I click "remove" in 'Software', nothing happens. And I also tried to remove Doctor Spyware, and then I got the message that 'sdloader.exe' was not found, and because of that it apparently doesn't get removed.
  8. This is the log after the Combo run with the babylon-cfscript.txt. Can you continue with this? CU & Thx, Emp
  9. Now started ComboFix on the Babylon remnants with the new CFScript.txt. Let's see what happens now. Greetings, Emperor
  10. Combo did finish after all. (I had the impression that avast was holding it back: it had popped up again at restart. I turned it off when I got a warning from avast about ComboFix, and then Combo got going.) Below is the log file (haven't followed your advice about Babylon yet, I'll do that in a moment):
7:11 10496] R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 7:11 12928] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 9:38 135664] S3 USTOR;Silver Crest Memory Adapter;c:\windows\system32\drivers\UStork.sys [29/11/2005 19:14 20218] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2011-03-25 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-08 06:15] . 2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38] . 2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38] . 2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007Core.job - c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59] . 2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007UA.job - c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-03-25 15:38 Windows 5.1.2600 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(2324) c:\windows\system32\msi.dll c:\windows\system32\AcSignIcon.dll c:\progra~1\WINDOW~2\wmpband.dll c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll c:\program files\Babylon\Babylon-Pro\Captlib.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe c:\windows\system32\CTsvcCDA.exe c:\program files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe c:\program files\CA\eTrust Antivirus\InoRpc.exe c:\program files\CA\eTrust Antivirus\InoRT.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\PC Tools Security\pctsSvc.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wdfmgr.exe c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\windows\mHotkey.exe c:\windows\CNYHKey.exe c:\program files\Microsoft 
ActiveSync\wcescomm.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\program files\Common Files\Java\Java Update\jucheck.exe c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe . ************************************************************************** . Voltooingstijd: 2011-03-25 22:48:56 - machine werd herstart ComboFix-quarantined-files.txt 2011-03-25 21:48 ComboFix2.txt 2011-03-25 09:05 . Pre-Run: 25.418.760.192 bytes beschikbaar Post-Run: 25.122.717.696 bytes beschikbaar . - - End Of File - - 6CC13661BB32C76F05DCFDD31C18BDA6
  11. Haven't started on the Babylon files yet. Meanwhile it is 4 hours later and I still have Combo's blue screen, showing: "Log rapport wordt voorbereid - Start geen andere programma's tot ComboFix klaar is." Is it normal that the log still isn't ready? (As soon as I can, or when you reply again, I will tackle those Babylon leftovers too.)
  12. Could it be that Combo restarted the PC automatically? I started it, was away for a few hours, and when I came back I saw my login screen. On continuing to boot into Windows, a blue Combo window appears again. I once wanted to use Babylon as a translation program. The toolbar came along with the program. I never actually used it, by the way, because online solutions turned out to give much better translations. Could this toolbar perhaps be a problem as well?
  13. ComboFix log: (FYI: the speed is still not entirely OK, it still hangs briefly now and then, after which all commands are suddenly executed at once)
  14. Busy with Combo. (Yesterday at work someone gave me the tip to try System Restore; could that be a solution? Only problem: that function is missing under Accessories, just like defragmentation. Note: this has nothing to do with this virus, because it had already gone missing before that.)
  15. At the moment it seems to be going well, but the PC was on all night. I have the impression that it is worst at startup, namely with all the programs that have to be loaded at the bottom right of the screen next to the clock. And on top of that, half of the icons on the desktop are missing (the image cannot be found). But I will restart the PC and come back with more news...
      ---------- Post added at 08:51 ---------- Previous post was at 08:45 ----------
      I will run ComboFix first before restarting.
      ---------- Post added at 08:58 ---------- Previous post was at 08:51 ----------
      Only disable the antivirus programs for a while, or the firewalls too?
  16. And when I left for work yesterday (still before I ended up with you) I started a full system scan, so not a quick scan. That also found 2 more threats. MBAM log below:
      Malwarebytes' Anti-Malware 1.50.1.1100
      Malwarebytes Databaseversie: 6145
      Windows 5.1.2600 Service Pack 2
      Internet Explorer 6.0.2900.2180
      24/03/2011 17:40:52
      mbam-log-2011-03-24 (17-40-52).txt
      Scantype: Volledige scan (C:\|D:\|E:\|)
      Objecten gescand: 504114
      Verstreken tijd: 3 uur/uren, 49 minuut/minuten, 24 seconde(n)
      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 0
      Registersleutels geïnfecteerd: 0
      Registerwaarden geïnfecteerd: 0
      Registerdata geïnfecteerd: 0
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 2
      Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
      Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
      Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
      Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
      Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
      Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
      Bestanden geïnfecteerd:
      c:\program files\flac to mp3 converter\all2mp3.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
      c:\program files\GIMP-2.0\lib\gimp\2.0\plug-ins\autostretch_hsv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
  17. This is the MBAM log: (nothing found, but isn't that logical? Before I ended up on this forum I had already run MBAM on my father-in-law's advice, and at that time it removed +/-160 infected folders and files.) Is another HJT needed? Or does anyone want to see the MBAM log from the day before yesterday?
      Malwarebytes' Anti-Malware 1.50.1.1100
      Malwarebytes Databaseversie: 6164
      Windows 5.1.2600 Service Pack 2
      Internet Explorer 6.0.2900.2180
      25/03/2011 8:28:00
      mbam-log-2011-03-25 (08-28-00).txt
      Scantype: Snelle scan
      Objecten gescand: 226509
      Verstreken tijd: 17 minuut/minuten, 2 seconde(n)
      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 0
      Registersleutels geïnfecteerd: 0
      Registerwaarden geïnfecteerd: 0
      Registerdata geïnfecteerd: 0
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 0
      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)
      Geheugenmodulen geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)
      Registersleutels geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)
      Registerwaarden geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)
      Registerdata geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)
      Mappen geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)
      Bestanden geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)
      ---------- Post added at 08:32 ---------- Previous post was at 08:28 ----------
      While waiting, I made the HJT log as well:
      ---------- Post added at 08:37 ---------- Previous post was at 08:32 ----------
      And for completeness I am also including the MBAM log that I made on 23/03:
      Malwarebytes' Anti-Malware 1.50.1.1100
      Malwarebytes Databaseversie: 6145
      Windows 5.1.2600 Service Pack 2
      Internet Explorer 6.0.2900.2180
      23/03/2011 21:54:13
      mbam-log-2011-03-23 (21-54-13).txt
      Scantype: Snelle scan
      Objecten gescand: 226358
      Verstreken tijd: 19 minuut/minuten, 40 seconde(n)
      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 0
      Registersleutels geïnfecteerd: 5
      Registerwaarden geïnfecteerd: 1
      Registerdata geïnfecteerd: 0
      Mappen geïnfecteerd: 5
      Bestanden geïnfecteerd: 158
      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)
      Geheugenmodulen geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)
      Registersleutels geïnfecteerd:
      HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.
      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\REAL\WEATHERBUG\MINIBUGTRANSPORTER.DLL (Adware.Minibug) -> Value: MINIBUGTRANSPORTER.DLL -> Quarantined and deleted successfully.
      Registerdata geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)
      Mappen geïnfecteerd:
      c:\program files\Wav (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
      c:\program files\Wav\Mod8 (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
      c:\program files\Wav\Mod8\F (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
      c:\program files\Wav\Mod9 (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
      c:\program files\Wav\Mod9\F (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
      Bestanden geïnfecteerd:
      c:\program files\common files\Real\weatherbug\minibugtransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
      c:\documents and settings\de keyser michaël\local settings\Temp\keyfinder.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
      c:\program files\Wav\Mod8\F\F1618.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
      c:\program files\Wav\Mod8\F\F277.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\Wav\Mod9\F\F411.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F421.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F424.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F426.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F431.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F434.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F436.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F440.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F444.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F6.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F7.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F70.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F72.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F73.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F75.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F78.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F8.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F82.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F90.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. 
c:\program files\Wav\Mod9\F\F91.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully. c:\program files\Wav\Mod9\F\F98.WAV (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
  18. I ended up on this site via Google while searching for solutions to my virus problem. Unlike some other forums, the explanations here seemed much clearer to me! In the meantime I'm trying to solve the problem together with some other members, mods and admins. Hoping it works out. Regards, Emperor
  19. Yes, I'll do that. Maybe there will already be a reply tomorrow. Thanks for the help!
  20. The log has appeared (without safe mode). This is what it said:
  21. The program seems to hang at O23 - NT Services. Does it normally continue on its own? Or do I need to do something already? (I thought I should just wait for the log)
  22. Is it OK if I run the exe from the stick? (That is what is happening now.) Or do I have to copy it to the desktop? Regards, Emp
  23. Connecting to the internet on the infected PC doesn't work (takes too long), so I'll just do it with the exe from my USB stick (just waited 10 min!!! for the pop-up you get when you right-click 'Start' :s )
  24. Should I take Version 2.0.5 (Beta) or Version 2.0.4 of HJT? To save time, since my PC is running so slowly: can I download the exe file on another PC (or my laptop) and 'run' it on my PC via a USB stick? Or will that give wrong results? Or will I then not be able to carry out all the necessary actions?