Everything posted by Vlietje

  1. Double-clicked start.exe: Cannot open file start.exe. I don't get the first screen (with Dutch text); I did eventually get Emsisoft Security Kit open, but within 1 second this message appears: No suspects files haven been detected during the scan. I also got an Emsisoft screen with: Run from USB stick. Double-clicking on: Scan with Emergency Kit scanner, doesn't work either. I also got an Emsisoft screen with: Security Status. Last malware scan, detected objects total 0.. Emergency Kit: Last update .........Version 1.0.0.25 Update now.. Could not connect to update server. This while I can get on the internet normally. What now?
  2. ComboFix 12-02-06.02 - Dennis van Vliet 07-02-2012 18:48:58.7.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.459 [GMT 1:00] Gestart vanuit: d:\documenten en settings\Dennis van Vliet\Mijn documenten\Downloads\ComboFix.exe gebruikte Opdracht switches :: d:\documenten en settings\Dennis van Vliet\Bureaublad\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . FILE :: "c:\windows\system32\drivers\auujazlt.sys" "c:\windows\system32\drivers\bxrjgqca.sys" "c:\windows\system32\drivers\chuoqait.sys" "c:\windows\system32\drivers\eymcagsp.sys" "c:\windows\system32\drivers\gctrsuoh.sys" "c:\windows\system32\drivers\ghbwicxs.sys" "c:\windows\system32\drivers\gpjxdwep.sys" "c:\windows\system32\drivers\hctqeagh.sys" "c:\windows\system32\drivers\heqqoblz.sys" "c:\windows\system32\drivers\hoarckkb.sys" "c:\windows\system32\drivers\idozxcgr.sys" "c:\windows\system32\drivers\krgfojfo.sys" "c:\windows\system32\drivers\lgsaarza.sys" "c:\windows\system32\drivers\lxnbnfbd.sys" "c:\windows\system32\drivers\mgeppove.sys" "c:\windows\system32\drivers\ngaxdziq.sys" "c:\windows\system32\drivers\oynnlltp.sys" "c:\windows\system32\drivers\qeexpqlq.sys" "c:\windows\system32\drivers\rsrgjdvu.sys" "c:\windows\system32\drivers\tmunqhnh.sys" "c:\windows\system32\drivers\touzdghc.sys" "c:\windows\system32\drivers\vnzypjnh.sys" "c:\windows\system32\drivers\ypxdllko.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
-------\Service_auujazlt -------\Service_bxrjgqca -------\Service_chuoqait -------\Service_eymcagsp -------\Service_gctrsuoh -------\Service_ghbwicxs -------\Service_gpjxdwep -------\Service_hctqeagh -------\Service_heqqoblz -------\Service_hoarckkb -------\Service_idozxcgr -------\Service_krgfojfo -------\Service_lxnbnfbd -------\Service_mgeppove -------\Service_ngaxdziq -------\Service_oynnlltp -------\Service_qeexpqlq -------\Service_rsrgjdvu -------\Service_tmunqhnh -------\Service_touzdghc -------\Service_vnzypjnh -------\Service_ypxdllko . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))) . . 2012-02-07 18:02 . 2012-02-07 18:02 56200 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C44217FB-D1BA-482D-A36D-63C1DB9B3666}\offreg.dll 2012-02-06 22:02 . 2012-01-06 04:19 6557240 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C44217FB-D1BA-482D-A36D-63C1DB9B3666}\mpengine.dll 2012-02-06 19:35 . 2012-02-06 19:35 -------- d-----w- c:\program files\Common Files\Java 2012-02-06 19:35 . 2012-02-06 19:34 141312 ----a-w- c:\windows\system32\javacpl.cpl 2012-02-06 19:35 . 2012-02-06 19:34 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-02-06 19:34 . 2012-02-06 19:34 -------- d-----w- c:\program files\Java . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-06 19:34 . 2010-12-28 20:15 567184 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-31 12:44 . 2011-11-02 18:39 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-06 04:19 . 2011-11-03 20:23 6557240 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-12-22 06:57 . 2011-12-22 06:57 1409 ----a-w- c:\windows\QTFont.for 2011-12-18 19:34 . 
2011-12-18 19:34 574 ----a-w- C:\cleanup.bat 2011-12-18 19:34 . 2011-12-18 19:34 19286 ----a-w- C:\cleanup.exe 2011-12-15 20:31 . 2011-12-15 20:31 388096 ----a-r- d:\documenten en settings\Dennis van Vliet\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-10 14:24 . 2011-05-05 09:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-25 21:57 . 2006-03-02 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 14:40 . 2006-03-02 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 06:12 . 2006-03-02 12:00 60928 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:22 . 2006-03-02 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:22 . 2006-03-02 12:00 152064 ----a-w- c:\windows\system32\schannel.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-02-06_19.52.00 ))))))))))))))))))))))))))))))))))))))))) . + 2012-02-07 17:59 . 2012-02-07 17:59 16384 c:\windows\Temp\Perflib_Perfdata_6ec.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-06 161336] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2011-12-24 460872] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . d:\documenten en settings\Daniëlle van Vliet\Menu Start\Programma's\Opstarten\ Nieuwsbal.lnk - c:\program files\VI Nieuwsbal\Nieuwsbal.exe [N/A] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "d:\\spellen\\TrackMania Original\\TmOriginal.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= . R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [31-10-2010 19:52 14208] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5-7-2006 13:46 63352] R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23 196176] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21 249648] R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [5-5-2011 10:53 652872] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5-5-2011 10:53 20464] S1 aikbikff;aikbikff;\??\c:\windows\system32\drivers\aikbikff.sys --> c:\windows\system32\drivers\aikbikff.sys [?] S1 aiubdhjs;aiubdhjs;\??\c:\windows\system32\drivers\aiubdhjs.sys --> c:\windows\system32\drivers\aiubdhjs.sys [?] S1 amehpkth;amehpkth;\??\c:\windows\system32\drivers\amehpkth.sys --> c:\windows\system32\drivers\amehpkth.sys [?] S1 azenkacv;azenkacv;\??\c:\windows\system32\drivers\azenkacv.sys --> c:\windows\system32\drivers\azenkacv.sys [?] S1 bigwdnti;bigwdnti;\??\c:\windows\system32\drivers\bigwdnti.sys --> c:\windows\system32\drivers\bigwdnti.sys [?] S1 bkrzsmco;bkrzsmco;\??\c:\windows\system32\drivers\bkrzsmco.sys --> c:\windows\system32\drivers\bkrzsmco.sys [?] 
S1 cpuuheze;cpuuheze;\??\c:\windows\system32\drivers\cpuuheze.sys --> c:\windows\system32\drivers\cpuuheze.sys [?] S1 gdhequnx;gdhequnx;\??\c:\windows\system32\drivers\gdhequnx.sys --> c:\windows\system32\drivers\gdhequnx.sys [?] S1 ikapplfp;ikapplfp;\??\c:\windows\system32\drivers\ikapplfp.sys --> c:\windows\system32\drivers\ikapplfp.sys [?] S1 iwdxqxbl;iwdxqxbl;\??\c:\windows\system32\drivers\iwdxqxbl.sys --> c:\windows\system32\drivers\iwdxqxbl.sys [?] S1 jyvgecht;jyvgecht;\??\c:\windows\system32\drivers\jyvgecht.sys --> c:\windows\system32\drivers\jyvgecht.sys [?] S1 kheprtza;kheprtza;\??\c:\windows\system32\drivers\kheprtza.sys --> c:\windows\system32\drivers\kheprtza.sys [?] S1 kiyqhyoc;kiyqhyoc;\??\c:\windows\system32\drivers\kiyqhyoc.sys --> c:\windows\system32\drivers\kiyqhyoc.sys [?] S1 lgsaarza;lgsaarza;\??\c:\windows\system32\drivers\lgsaarza.sys --> c:\windows\system32\drivers\lgsaarza.sys [?] S1 lpuyeufg;lpuyeufg;\??\c:\windows\system32\drivers\lpuyeufg.sys --> c:\windows\system32\drivers\lpuyeufg.sys [?] S1 lqdzjjuk;lqdzjjuk;\??\c:\windows\system32\drivers\lqdzjjuk.sys --> c:\windows\system32\drivers\lqdzjjuk.sys [?] S1 lvcxvfje;lvcxvfje;\??\c:\windows\system32\drivers\lvcxvfje.sys --> c:\windows\system32\drivers\lvcxvfje.sys [?] S1 necdjafo;necdjafo;\??\c:\windows\system32\drivers\necdjafo.sys --> c:\windows\system32\drivers\necdjafo.sys [?] S1 oimsuvqr;oimsuvqr;\??\c:\windows\system32\drivers\oimsuvqr.sys --> c:\windows\system32\drivers\oimsuvqr.sys [?] S1 ozkkddkn;ozkkddkn;\??\c:\windows\system32\drivers\ozkkddkn.sys --> c:\windows\system32\drivers\ozkkddkn.sys [?] S1 phxehkts;phxehkts;\??\c:\windows\system32\drivers\phxehkts.sys --> c:\windows\system32\drivers\phxehkts.sys [?] S1 pipkrift;pipkrift;\??\c:\windows\system32\drivers\pipkrift.sys --> c:\windows\system32\drivers\pipkrift.sys [?] S1 ptposogi;ptposogi;\??\c:\windows\system32\drivers\ptposogi.sys --> c:\windows\system32\drivers\ptposogi.sys [?] 
S1 qftagyge;qftagyge;\??\c:\windows\system32\drivers\qftagyge.sys --> c:\windows\system32\drivers\qftagyge.sys [?] S1 qzyvhhxk;qzyvhhxk;\??\c:\windows\system32\drivers\qzyvhhxk.sys --> c:\windows\system32\drivers\qzyvhhxk.sys [?] S1 skbdkbeo;skbdkbeo;\??\c:\windows\system32\drivers\skbdkbeo.sys --> c:\windows\system32\drivers\skbdkbeo.sys [?] S1 suzyetnt;suzyetnt;\??\c:\windows\system32\drivers\suzyetnt.sys --> c:\windows\system32\drivers\suzyetnt.sys [?] S1 tcklfgkf;tcklfgkf;\??\c:\windows\system32\drivers\tcklfgkf.sys --> c:\windows\system32\drivers\tcklfgkf.sys [?] S1 tjtryurk;tjtryurk;\??\c:\windows\system32\drivers\tjtryurk.sys --> c:\windows\system32\drivers\tjtryurk.sys [?] S1 txjyjcfd;txjyjcfd;\??\c:\windows\system32\drivers\txjyjcfd.sys --> c:\windows\system32\drivers\txjyjcfd.sys [?] S1 voffhwme;voffhwme;\??\c:\windows\system32\drivers\voffhwme.sys --> c:\windows\system32\drivers\voffhwme.sys [?] S1 vwvavwjt;vwvavwjt;\??\c:\windows\system32\drivers\vwvavwjt.sys --> c:\windows\system32\drivers\vwvavwjt.sys [?] S1 wtpbiaen;wtpbiaen;\??\c:\windows\system32\drivers\wtpbiaen.sys --> c:\windows\system32\drivers\wtpbiaen.sys [?] S1 xhafkdhm;xhafkdhm;\??\c:\windows\system32\drivers\xhafkdhm.sys --> c:\windows\system32\drivers\xhafkdhm.sys [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15-8-2010 16:54 30192] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664] S3 PAC207;CamMaestro 3.75 HU PC Camera;c:\windows\system32\drivers\PFC027.sys [8-4-2005 9:46 162176] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [20-9-2009 14:59 18432] . Inhoud van de 'Gedeelde Taken' map . 
2012-02-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 12:08] . 2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22] . 2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22] . 2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1008Core.job - d:\documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-24 14:06] . 2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1008UA.job - d:\documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-24 14:06] . 2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012Core.job - d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48] . 2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012UA.job - d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48] . 2012-02-07 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39] . 2012-02-07 c:\windows\Tasks\User_Feed_Synchronization-{612F5CDA-23AB-4660-AA75-E6FE940B7079}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.nu.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: ziggo.nl\thuishelp TCP: DhcpNameServer = 10.0.0.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-02-07 19:00 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(2124) c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\system32\bgsvcgen.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Common Files\Motive\McciCMService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\windows\System32\PAStiSvc.exe c:\windows\system32\SearchIndexer.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Voltooingstijd: 2012-02-07 19:05:17 - machine werd herstart ComboFix-quarantined-files.txt 2012-02-07 18:05 ComboFix2.txt 2012-02-06 19:55 ComboFix3.txt 2011-12-19 15:34 . Pre-Run: 25.986.490.368 bytes beschikbaar Post-Run: 25.920.995.328 bytes beschikbaar . - - End Of File - - 286C0C87D33BF2E7764588F357180E94
  3. ComboFix 12-02-06.02 - Dennis van Vliet 06-02-2012 20:42:35.6.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.465 [GMT 1:00] Gestart vanuit: d:\documenten en settings\Dennis van Vliet\Mijn documenten\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))) . . 2012-02-06 19:41 . 2012-02-06 19:41 41680 ----a-w- c:\windows\system32\drivers\hoarckkb.sys 2012-02-06 19:36 . 2012-02-06 19:36 29904 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE8EEA6B-26BF-43D4-ACCC-1B16A3D55761}\MpKsl6704d361.sys 2012-02-06 19:35 . 2012-02-06 19:35 -------- d-----w- c:\program files\Common Files\Java 2012-02-06 19:35 . 2012-02-06 19:34 141312 ----a-w- c:\windows\system32\javacpl.cpl 2012-02-06 19:35 . 2012-02-06 19:34 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-02-06 19:34 . 2012-02-06 19:34 -------- d-----w- c:\program files\Java 2012-02-06 19:29 . 2012-02-06 19:29 56200 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE8EEA6B-26BF-43D4-ACCC-1B16A3D55761}\offreg.dll 2012-02-06 19:22 . 2012-01-06 04:19 6557240 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE8EEA6B-26BF-43D4-ACCC-1B16A3D55761}\mpengine.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-06 19:34 . 2010-12-28 20:15 567184 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-31 12:44 . 2011-11-02 18:39 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-06 04:19 . 2011-11-03 20:23 6557240 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-12-22 06:57 . 
2011-12-22 06:57 1409 ----a-w- c:\windows\QTFont.for 2011-12-18 19:34 . 2011-12-18 19:34 574 ----a-w- C:\cleanup.bat 2011-12-18 19:34 . 2011-12-18 19:34 19286 ----a-w- C:\cleanup.exe 2011-12-15 20:31 . 2011-12-15 20:31 388096 ----a-r- d:\documenten en settings\Dennis van Vliet\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-10 14:24 . 2011-05-05 09:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-25 21:57 . 2006-03-02 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 14:40 . 2006-03-02 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 06:12 . 2006-03-02 12:00 60928 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:22 . 2006-03-02 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:22 . 2006-03-02 12:00 152064 ----a-w- c:\windows\system32\schannel.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-06 161336] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2011-12-24 460872] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . d:\documenten en settings\Daniëlle van Vliet\Menu Start\Programma's\Opstarten\ Nieuwsbal.lnk - c:\program files\VI Nieuwsbal\Nieuwsbal.exe [N/A] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "d:\\spellen\\TrackMania Original\\TmOriginal.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= . 
R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [31-10-2010 19:52 14208] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5-7-2006 13:46 63352] R1 MpKsl6704d361;MpKsl6704d361;d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE8EEA6B-26BF-43D4-ACCC-1B16A3D55761}\MpKsl6704d361.sys [6-2-2012 20:36 29904] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21 249648] R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [5-5-2011 10:53 652872] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5-5-2011 10:53 20464] S1 aiubdhjs;aiubdhjs;\??\c:\windows\system32\drivers\aiubdhjs.sys --> c:\windows\system32\drivers\aiubdhjs.sys [?] S1 auujazlt;auujazlt;\??\c:\windows\system32\drivers\auujazlt.sys --> c:\windows\system32\drivers\auujazlt.sys [?] S1 bxrjgqca;bxrjgqca;\??\c:\windows\system32\drivers\bxrjgqca.sys --> c:\windows\system32\drivers\bxrjgqca.sys [?] S1 chuoqait;chuoqait;\??\c:\windows\system32\drivers\chuoqait.sys --> c:\windows\system32\drivers\chuoqait.sys [?] S1 eymcagsp;eymcagsp;\??\c:\windows\system32\drivers\eymcagsp.sys --> c:\windows\system32\drivers\eymcagsp.sys [?] S1 gctrsuoh;gctrsuoh;\??\c:\windows\system32\drivers\gctrsuoh.sys --> c:\windows\system32\drivers\gctrsuoh.sys [?] S1 ghbwicxs;ghbwicxs;\??\c:\windows\system32\drivers\ghbwicxs.sys --> c:\windows\system32\drivers\ghbwicxs.sys [?] S1 gpjxdwep;gpjxdwep;\??\c:\windows\system32\drivers\gpjxdwep.sys --> c:\windows\system32\drivers\gpjxdwep.sys [?] S1 hctqeagh;hctqeagh;\??\c:\windows\system32\drivers\hctqeagh.sys --> c:\windows\system32\drivers\hctqeagh.sys [?] S1 heqqoblz;heqqoblz;\??\c:\windows\system32\drivers\heqqoblz.sys --> c:\windows\system32\drivers\heqqoblz.sys [?] 
S1 hoarckkb;hoarckkb;c:\windows\system32\drivers\hoarckkb.sys [6-2-2012 20:41 41680] S1 idozxcgr;idozxcgr;\??\c:\windows\system32\drivers\idozxcgr.sys --> c:\windows\system32\drivers\idozxcgr.sys [?] S1 krgfojfo;krgfojfo;\??\c:\windows\system32\drivers\krgfojfo.sys --> c:\windows\system32\drivers\krgfojfo.sys [?] S1 lgsaarza;lgsaarza;\??\c:\windows\system32\drivers\lgsaarza.sys --> c:\windows\system32\drivers\lgsaarza.sys [?] S1 lxnbnfbd;lxnbnfbd;\??\c:\windows\system32\drivers\lxnbnfbd.sys --> c:\windows\system32\drivers\lxnbnfbd.sys [?] S1 mgeppove;mgeppove;\??\c:\windows\system32\drivers\mgeppove.sys --> c:\windows\system32\drivers\mgeppove.sys [?] S1 ngaxdziq;ngaxdziq;\??\c:\windows\system32\drivers\ngaxdziq.sys --> c:\windows\system32\drivers\ngaxdziq.sys [?] S1 oynnlltp;oynnlltp;\??\c:\windows\system32\drivers\oynnlltp.sys --> c:\windows\system32\drivers\oynnlltp.sys [?] S1 qeexpqlq;qeexpqlq;\??\c:\windows\system32\drivers\qeexpqlq.sys --> c:\windows\system32\drivers\qeexpqlq.sys [?] S1 rsrgjdvu;rsrgjdvu;\??\c:\windows\system32\drivers\rsrgjdvu.sys --> c:\windows\system32\drivers\rsrgjdvu.sys [?] S1 tmunqhnh;tmunqhnh;\??\c:\windows\system32\drivers\tmunqhnh.sys --> c:\windows\system32\drivers\tmunqhnh.sys [?] S1 touzdghc;touzdghc;\??\c:\windows\system32\drivers\touzdghc.sys --> c:\windows\system32\drivers\touzdghc.sys [?] S1 vnzypjnh;vnzypjnh;\??\c:\windows\system32\drivers\vnzypjnh.sys --> c:\windows\system32\drivers\vnzypjnh.sys [?] S1 ypxdllko;ypxdllko;\??\c:\windows\system32\drivers\ypxdllko.sys --> c:\windows\system32\drivers\ypxdllko.sys [?] 
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23 196176] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15-8-2010 16:54 30192] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664] S3 PAC207;CamMaestro 3.75 HU PC Camera;c:\windows\system32\drivers\PFC027.sys [8-4-2005 9:46 162176] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [20-9-2009 14:59 18432] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - JAVAQUICKSTARTERSERVICE *NewlyCreated* - MPKSL6704D361 . Inhoud van de 'Gedeelde Taken' map . 2012-02-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 12:08] . 2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22] . 2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22] . 2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1008Core.job - d:\documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-24 14:06] . 2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1008UA.job - d:\documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-24 14:06] . 2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012Core.job - d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48] . 
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012UA.job - d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48] . 2012-02-06 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39] . 2012-02-06 c:\windows\Tasks\User_Feed_Synchronization-{612F5CDA-23AB-4660-AA75-E6FE940B7079}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nu.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: ziggo.nl\thuishelp TCP: DhcpNameServer = 10.0.0.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-02-06 20:51 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . 
- - - - - - - > 'explorer.exe'(3132) c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2012-02-06 20:55:35 ComboFix-quarantined-files.txt 2012-02-06 19:55 ComboFix2.txt 2011-12-19 15:34 . Pre-Run: 25.989.627.904 bytes beschikbaar Post-Run: 25.993.166.848 bytes beschikbaar . - - End Of File - - 756DA74932FEA02B0B63B2438F9D33A8
  4. The problem reads: Win32/WinMaximizer. Recommended action: remove. I have now done that 3 times, then restarted 3 times, and 3 times the "danger" comes back. I kindly ask you to examine the log. I have posted my log below. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:03:03, on 6-2-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft\BingBar\BBSvc.EXE C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\System32\svchost.exe D:\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Microsoft Security Client\msseces.exe D:\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe D:\Documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 
D:\Documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\Documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe D:\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON 
Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "D:\Documenten en settings\Dennis van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: 
&In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223728169984 O16 - 
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: MBAMService - Malwarebytes Corporation - D:\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 10335 bytes
  5. I would also like to know the following. Your previous message said: "It is advisable to delete the existing restore points (some of them are infected and you could end up restoring one of those) by temporarily disabling System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again." On my machine, "Turn off System Restore on all drives" was ticked all that time. Is it better to leave the box unticked?
  6. ComboFix 11-12-19.01 - Dennis van Vliet 19-12-2011 16:22:09.5.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.410 [GMT 1:00] Gestart vanuit: d:\documenten en settings\Dennis van Vliet\Bureaublad\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\zip.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))) . . 2011-12-19 12:11 . 2011-12-19 12:11 29904 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{345ABB5F-FBCB-4E8D-85FA-4CAD3032C6C1}\MpKsl8ce0380c.sys 2011-12-19 12:11 . 2011-12-19 12:11 56200 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{345ABB5F-FBCB-4E8D-85FA-4CAD3032C6C1}\offreg.dll 2011-12-18 19:39 . 2011-11-21 10:47 6823496 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{345ABB5F-FBCB-4E8D-85FA-4CAD3032C6C1}\mpengine.dll 2011-12-18 19:34 . 2011-12-18 19:34 574 ----a-w- C:\cleanup.bat 2011-12-18 19:34 . 2011-12-18 19:34 19286 ----a-w- C:\cleanup.exe 2011-12-15 20:31 . 2011-12-15 20:31 388096 ----a-r- d:\documenten en settings\Dennis van Vliet\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-07 20:44 . 2011-12-07 20:44 -------- d-----r- d:\documenten en settings\NetworkService\Favorieten 2011-12-07 20:36 . 2011-12-07 20:36 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\AppData 2011-12-07 20:31 . 2011-12-07 20:31 -------- d-----w- d:\documenten en settings\MyCom\AppData 2011-12-06 20:48 . 2011-12-06 20:48 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\FinalTorrent 2011-12-06 20:13 . 
2011-12-06 20:13 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\Fighters 2011-12-06 16:26 . 2011-12-06 16:26 -------- d-----w- c:\program files\File Type Assistant 2011-12-06 16:23 . 2011-12-06 16:24 -------- d-----w- d:\documenten en settings\All Users\Application Data\Fighters 2011-12-06 16:22 . 2011-12-06 16:22 -------- d-----w- c:\program files\Chrome 2011-12-06 13:33 . 2011-12-06 13:33 -------- d-----w- d:\documenten en settings\All Users\Application Data\Premium 2011-12-06 13:33 . 2011-12-06 17:59 -------- d-----w- d:\documenten en settings\All Users\Application Data\InstallMate . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 14:40 . 2006-03-02 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-21 10:47 . 2011-11-03 20:23 6823496 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-11-15 13:29 . 2011-11-02 18:39 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-11-04 19:13 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-03-02 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:32 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2006-03-02 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2004-08-04 00:58 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 18:13 . 2011-10-18 18:13 1409 ----a-w- c:\windows\QTFont.for 2011-10-18 11:13 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 
2005-09-16 18:26 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 09:41 . 2006-03-02 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-12-16_07.51.04 ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-19 12:11 . 2011-12-19 12:11 16384 c:\windows\Temp\Perflib_Perfdata_730.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-06 161336] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . d:\documenten en settings\Daniëlle van Vliet\Menu Start\Programma's\Opstarten\ Nieuwsbal.lnk - c:\program files\VI Nieuwsbal\Nieuwsbal.exe [N/A] . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "d:\\spellen\\TrackMania Original\\TmOriginal.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= . 
R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [31-10-2010 19:52 14208] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5-7-2006 13:46 63352] R1 MpKsl8ce0380c;MpKsl8ce0380c;d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{345ABB5F-FBCB-4E8D-85FA-4CAD3032C6C1}\MpKsl8ce0380c.sys [19-12-2011 13:11 29904] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21 249648] R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [5-5-2011 10:53 366152] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5-5-2011 10:53 22216] S1 MpKsl8dbdf6b1;MpKsl8dbdf6b1;\??\d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1284D16B-603B-4B3F-AD33-178925BB82FD}\MpKsl8dbdf6b1.sys --> d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1284D16B-603B-4B3F-AD33-178925BB82FD}\MpKsl8dbdf6b1.sys [?] S1 MpKsl8e9e377e;MpKsl8e9e377e;\??\d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1499E6B7-969D-4066-96E0-149064490D04}\MpKsl8e9e377e.sys --> d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1499E6B7-969D-4066-96E0-149064490D04}\MpKsl8e9e377e.sys [?] S1 MpKslae521332;MpKslae521332;\??\d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE0FEB8-A377-48B8-8097-FE4E12570856}\MpKslae521332.sys --> d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE0FEB8-A377-48B8-8097-FE4E12570856}\MpKslae521332.sys [?] 
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23 196176] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15-8-2010 16:54 30192] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 PAC207;CamMaestro 3.75 HU PC Camera;c:\windows\system32\drivers\PFC027.sys [8-4-2005 9:46 162176] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [20-9-2009 14:59 18432] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MPKSL8CE0380C . Inhoud van de 'Gedeelde Taken' map . 2011-12-17 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 12:08] . 2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22] . 2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22] . 2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012Core.job - d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48] . 2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012UA.job - d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48] . 2011-12-19 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39] . 
2011-12-19 c:\windows\Tasks\User_Feed_Synchronization-{612F5CDA-23AB-4660-AA75-E6FE940B7079}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nu.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: ziggo.nl\thuishelp TCP: DhcpNameServer = 10.0.0.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-19 16:31 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(516) c:\windows\system32\igfxdev.dll . Voltooingstijd: 2011-12-19 16:34:10 ComboFix-quarantined-files.txt 2011-12-19 15:34 ComboFix2.txt 2011-12-17 10:04 ComboFix3.txt 2011-12-16 11:33 ComboFix4.txt 2011-12-16 08:56 ComboFix5.txt 2011-12-19 15:20 . Pre-Run: 25.412.116.480 bytes beschikbaar Post-Run: 25.395.089.408 bytes beschikbaar . - - End Of File - - 43794987922C3467773160B197E41AE9
  7. ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows XP (build 2600, Service Pack 3) Sun Dec 18 20:33:38 2011 20:33:38: Error: Invalid script. A valid script must begin with a command directive. Aborting execution! ////////////////////////////////////////// ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows XP (build 2600, Service Pack 3) Sun Dec 18 20:33:43 2011 20:33:43: Error: Invalid script. A valid script must begin with a command directive. Aborting execution! ////////////////////////////////////////// Logfile of The Avenger Version 2.0, © by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Folder "d:\documenten en settings\Daniëlle van Vliet\Application Data\searchqutoolbar" deleted successfully. Folder "d:\documenten en settings\Daniëlle van Vliet\Application Data\searchquband" deleted successfully. Completed script processing. ******************* Finished! Terminate.
  8. No, then I get a window titled "WinZip - KillBox.zip" with the options: New, Open, Favorites, Add, Extract, etc. Under Name it says: KillBox.exe, Type Application, Modified 17-12-2011, Size 0, Ratio 0%, Packed 0. So I must have done something wrong. I just tried saving KillBox once more (it already exists, do you want to replace it? If you click yes, 0 bytes are downloaded), and when I run it I get the message I mentioned in no. 17.
  9. I must be doing something wrong: I have (I think) unzipped Killbox and tried to open it, but that does not work. The field "Full path of file to delete" does not appear. I do get the text "D:\Documenten en settings\Dennis van Vliet\Mijn documenten\ Unzipped\Killbox\Killbox.exe is niet een geldige Win32-toepassing" [is not a valid Win32 application]. Killbox is on the desktop with this icon: a white-and-blue sheet with the right corner folded over, and at the middle left a small yellow folder in a blue stand. What am I doing wrong?
  10. I find that hard to say: when I started the discussion on Thursday, the virus scanner reported every 2 minutes that there was a threat and that it had quarantined or removed the "attacker", and each time the computer had to be restarted. I have not seen the strange toolbars (which I also saw pass by in the logs), such as searchqu and bingbar, any more, and my own virus scanner has meanwhile calmed down again as well. New web pages do open faster than a week ago, after the strange toolbars suddenly appeared. Does all this mean that the problem has been solved and that the strange intruders have been removed by all the actions you advised?
  11. ComboFix 11-12-16.03 - Dennis van Vliet 17-12-2011 10:46:55.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.523 [GMT 1:00] Gestart vanuit: d:\documenten en settings\Dennis van Vliet\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: d:\documenten en settings\Dennis van Vliet\Bureaublad\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . FILE :: "c:\windows\system32\drivers\hitmanpro3.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . .
Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png c:\program files\Windows iLivid 
Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png c:\program files\Windows iLivid 
Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl c:\program files\Windows iLivid 
Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png c:\program files\Windows iLivid 
Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png c:\program files\Windows 
iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png c:\program files\Windows iLivid 
Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png c:\program files\Windows 
iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif c:\program files\Windows iLivid 
Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html c:\program files\Windows iLivid 
Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png c:\program files\Windows iLivid 
Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif c:\program 
files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png c:\program files\Windows iLivid 
Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png c:\program files\Windows iLivid 
Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\logo.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\mail.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\modify.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\music.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\news.png c:\program files\Windows iLivid 
Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\translate.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\weather.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\web.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\components\windowmediator.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\manifest.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\uninstall.exe c:\program files\Windows iLivid Toolbar\sysid.ini c:\program files\Windows iLivid Toolbar\uninstall.exe d:\documenten en settings\All Users\Application Data\Babylon d:\documenten en settings\All Users\Application Data\Babylon\BabAll.dat d:\documenten en settings\Annette van Vliet\AppData d:\documenten en settings\Annette van Vliet\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED} d:\documenten en settings\Dennis van Vliet\AppData d:\documenten en settings\Dennis van 
Vliet\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED} d:\documenten en settings\Leon van Vliet\AppData d:\documenten en settings\Leon van Vliet\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED} . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_HITMANPRO3 -------\Service_hitmanpro3 . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))) . . 2011-12-17 09:58 . 2011-12-17 09:58 56200 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1499E6B7-969D-4066-96E0-149064490D04}\offreg.dll 2011-12-16 20:44 . 2011-11-21 10:47 6823496 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1499E6B7-969D-4066-96E0-149064490D04}\mpengine.dll 2011-12-15 20:31 . 2011-12-15 20:31 388096 ----a-r- d:\documenten en settings\Dennis van Vliet\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-07 20:44 . 2011-12-07 20:44 -------- d-----r- d:\documenten en settings\NetworkService\Favorieten 2011-12-07 20:36 . 2011-12-07 20:37 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\Application Data\searchqutoolbar 2011-12-07 20:36 . 2011-12-07 20:36 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\Application Data\searchquband 2011-12-07 20:36 . 2011-12-07 20:36 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\AppData 2011-12-07 20:31 . 2011-12-07 20:31 -------- d-----w- d:\documenten en settings\MyCom\AppData 2011-12-06 20:48 . 2011-12-06 20:48 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\FinalTorrent 2011-12-06 20:13 . 2011-12-06 20:13 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\Fighters 2011-12-06 16:26 . 
2011-12-06 16:26 -------- d-----w- c:\program files\File Type Assistant 2011-12-06 16:23 . 2011-12-06 16:24 -------- d-----w- d:\documenten en settings\All Users\Application Data\Fighters 2011-12-06 16:22 . 2011-12-06 16:22 -------- d-----w- c:\program files\Chrome 2011-12-06 13:33 . 2011-12-06 13:33 -------- d-----w- d:\documenten en settings\All Users\Application Data\Premium 2011-12-06 13:33 . 2011-12-06 17:59 -------- d-----w- d:\documenten en settings\All Users\Application Data\InstallMate . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 14:40 . 2006-03-02 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-21 10:47 . 2011-11-03 20:23 6823496 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-11-15 13:29 . 2011-11-02 18:39 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-11-04 19:13 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-03-02 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:32 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2006-03-02 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2004-08-04 00:58 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 18:13 . 2011-10-18 18:13 1409 ----a-w- c:\windows\QTFont.for 2011-10-18 11:13 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2005-09-16 18:26 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 09:41 . 
2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 09:41 . 2006-03-02 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-12-16_07.51.04 ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-17 09:59 . 2011-12-17 09:59 16384 c:\windows\Temp\Perflib_Perfdata_6f0.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-06 161336] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . d:\documenten en settings\Daniëlle van Vliet\Menu Start\Programma's\Opstarten\ Nieuwsbal.lnk - c:\program files\VI Nieuwsbal\Nieuwsbal.exe [N/A] . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "d:\\spellen\\TrackMania Original\\TmOriginal.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= . 
R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [31-10-2010 19:52 14208] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5-7-2006 13:46 63352] R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23 196176] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21 249648] R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [5-5-2011 10:53 366152] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5-5-2011 10:53 22216] S1 MpKsl8dbdf6b1;MpKsl8dbdf6b1;\??\d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1284D16B-603B-4B3F-AD33-178925BB82FD}\MpKsl8dbdf6b1.sys --> d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1284D16B-603B-4B3F-AD33-178925BB82FD}\MpKsl8dbdf6b1.sys [?] S1 MpKsl8e9e377e;MpKsl8e9e377e;\??\d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1499E6B7-969D-4066-96E0-149064490D04}\MpKsl8e9e377e.sys --> d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1499E6B7-969D-4066-96E0-149064490D04}\MpKsl8e9e377e.sys [?] S1 MpKslae521332;MpKslae521332;\??\d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE0FEB8-A377-48B8-8097-FE4E12570856}\MpKslae521332.sys --> d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE0FEB8-A377-48B8-8097-FE4E12570856}\MpKslae521332.sys [?] 
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15-8-2010 16:54 30192] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 PAC207;CamMaestro 3.75 HU PC Camera;c:\windows\system32\drivers\PFC027.sys [8-4-2005 9:46 162176] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [20-9-2009 14:59 18432] . Inhoud van de 'Gedeelde Taken' map . 2011-12-17 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 12:08] . 2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22] . 2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22] . 2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012Core.job - d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48] . 2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012UA.job - d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48] . 2011-12-17 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39] . 2011-12-17 c:\windows\Tasks\User_Feed_Synchronization-{612F5CDA-23AB-4660-AA75-E6FE940B7079}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.nu.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: ziggo.nl\thuishelp TCP: DhcpNameServer = 10.0.0.1 . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-Windows Searchqu Toolbar - c:\program files\Windows iLivid Toolbar\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-17 11:00 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(3900) c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\savedump.exe c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\system32\bgsvcgen.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Motive\McciCMService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\windows\System32\PAStiSvc.exe c:\windows\system32\SearchIndexer.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Voltooingstijd: 2011-12-17 11:04:04 - machine werd herstart ComboFix-quarantined-files.txt 2011-12-17 10:04 ComboFix2.txt 2011-12-16 11:33 ComboFix3.txt 2011-12-16 08:56 ComboFix4.txt 2011-12-16 07:54 . Pre-Run: 25.570.025.472 bytes beschikbaar Post-Run: 25.414.807.552 bytes beschikbaar . - - End Of File - - 07992B2F316C36987C3376E61A26D6F6
  12. ComboFix 11-12-16.01 - Dennis van Vliet 16-12-2011 12:22:05.3.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.418 [GMT 1:00] Gestart vanuit: d:\documenten en settings\Dennis van Vliet\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: d:\documenten en settings\Dennis van Vliet\Bureaublad\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Yontoo Layers Runtime c:\program files\Yontoo Layers Runtime\YontooIEClient.dll d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824} d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.dat d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.lnk d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.msi d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.par d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}\instance.dat d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}\mia.lib d:\documenten en settings\All Users\Application Data\boost_interprocess d:\documenten en settings\All Users\Application Data\boost_interprocess\F0F9CBC1E6B4CC01\{1832B446-3F6D-4880-99C1-0B3B26170D94} d:\documenten en settings\Dennis van Vliet\Application Data\Apizar d:\documenten en settings\Dennis van Vliet\Application Data\Apizar\gepyl.gua d:\documenten en settings\Dennis van Vliet\Application 
Data\Apizar\gepyl.tmp d:\documenten en settings\Dennis van Vliet\Application Data\Elowwu . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))) . . 2011-12-16 11:10 . 2011-12-16 11:10 56200 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73427762-5AAE-42C2-9490-728D4325B0B7}\offreg.dll 2011-12-15 20:31 . 2011-12-15 20:31 388096 ----a-r- d:\documenten en settings\Dennis van Vliet\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-15 17:07 . 2011-11-21 10:47 6823496 ------w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73427762-5AAE-42C2-9490-728D4325B0B7}\mpengine.dll 2011-12-07 20:44 . 2011-12-07 20:44 -------- d-----r- d:\documenten en settings\NetworkService\Favorieten 2011-12-07 20:36 . 2011-12-07 20:37 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\Application Data\searchqutoolbar 2011-12-07 20:36 . 2011-12-07 20:36 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\Application Data\searchquband 2011-12-07 20:36 . 2011-12-07 20:36 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\AppData 2011-12-07 20:31 . 2011-12-07 20:31 -------- d-----w- d:\documenten en settings\MyCom\AppData 2011-12-07 14:29 . 2011-12-07 14:29 -------- d-----w- d:\documenten en settings\Leon van Vliet\AppData 2011-12-07 13:53 . 2011-12-07 13:53 -------- d-----w- d:\documenten en settings\Annette van Vliet\AppData 2011-12-06 20:48 . 2011-12-06 20:48 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\FinalTorrent 2011-12-06 20:25 . 2011-12-06 20:25 -------- d-----w- d:\documenten en settings\Dennis van Vliet\AppData 2011-12-06 20:13 . 2011-12-06 20:13 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\Fighters 2011-12-06 19:01 . 
2011-12-06 19:01 -------- d-----w- c:\program files\iLivid 2011-12-06 19:00 . 2011-12-06 19:01 -------- d-----w- c:\program files\Windows iLivid Toolbar 2011-12-06 16:26 . 2011-12-06 16:26 -------- d-----w- c:\program files\File Type Assistant 2011-12-06 16:23 . 2011-12-06 16:24 -------- d-----w- d:\documenten en settings\All Users\Application Data\Fighters 2011-12-06 16:22 . 2011-12-06 16:22 -------- d-----w- c:\program files\Chrome 2011-12-06 13:33 . 2011-12-06 13:33 -------- d-----w- d:\documenten en settings\All Users\Application Data\Babylon 2011-12-06 13:33 . 2011-12-06 13:33 -------- d-----w- d:\documenten en settings\All Users\Application Data\Premium 2011-12-06 13:33 . 2011-12-06 17:59 -------- d-----w- d:\documenten en settings\All Users\Application Data\InstallMate . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 14:40 . 2006-03-02 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-21 10:47 . 2011-11-03 20:23 6823496 ------w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-11-15 13:29 . 2011-11-02 18:39 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-11-04 19:13 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-03-02 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:32 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2006-03-02 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2004-08-04 00:58 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 18:13 . 
2011-10-18 18:13 1409 ----a-w- c:\windows\QTFont.for 2011-10-18 11:13 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2005-09-16 18:26 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 09:41 . 2006-03-02 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-12-16_07.51.04 ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-16 11:10 . 2011-12-16 11:10 16384 c:\windows\Temp\Perflib_Perfdata_7e0.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-06 161336] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . 
d:\documenten en settings\Daniëlle van Vliet\Menu Start\Programma's\Opstarten\ Nieuwsbal.lnk - c:\program files\VI Nieuwsbal\Nieuwsbal.exe [N/A] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "d:\\spellen\\TrackMania Original\\TmOriginal.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"= . 
R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [31-10-2010 19:52 14208] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5-7-2006 13:46 63352] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21 249648] R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [5-5-2011 10:53 366152] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5-5-2011 10:53 22216] S1 MpKsl8dbdf6b1;MpKsl8dbdf6b1;\??\d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1284D16B-603B-4B3F-AD33-178925BB82FD}\MpKsl8dbdf6b1.sys --> d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1284D16B-603B-4B3F-AD33-178925BB82FD}\MpKsl8dbdf6b1.sys [?] S1 MpKslae521332;MpKslae521332;\??\d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE0FEB8-A377-48B8-8097-FE4E12570856}\MpKslae521332.sys --> d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE0FEB8-A377-48B8-8097-FE4E12570856}\MpKslae521332.sys [?] S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23 196176] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15-8-2010 16:54 30192] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664] S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?] 
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 PAC207;CamMaestro 3.75 HU PC Camera;c:\windows\system32\drivers\PFC027.sys [8-4-2005 9:46 162176] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [20-9-2009 14:59 18432] . Inhoud van de 'Gedeelde Taken' map . 2011-12-16 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 12:08] . 2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22] . 2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22] . 2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012Core.job - d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48] . 2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012UA.job - d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48] . 2011-12-16 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39] . 2011-12-16 c:\windows\Tasks\User_Feed_Synchronization-{612F5CDA-23AB-4660-AA75-E6FE940B7079}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nu.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: ziggo.nl\thuishelp TCP: DhcpNameServer = 10.0.0.1 . 
- - - - ORPHANS VERWIJDERD - - - - . AddRemove-iLivid - d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe AddRemove-{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} - d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-16 12:30 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2470042473-3128491902-2835929602-1012\Software\SecuROM\License information*] "datasecu"=hex:03,bc,75,7c,04,e4,30,94,83,ce,aa,20,58,e1,87,0e,f4,8a,b0,6a,64, 87,7e,f1,39,7b,6a,88,30,e0,ac,67,a0,4f,09,38,da,6e,f9,8e,59,73,3f,7a,79,47,\ "rkeysecu"=hex:79,1b,81,17,ef,ce,6e,81,60,aa,8a,63,5d,11,7c,56 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(516) c:\windows\system32\igfxdev.dll . Voltooingstijd: 2011-12-16 12:33:44 ComboFix-quarantined-files.txt 2011-12-16 11:33 ComboFix2.txt 2011-12-16 08:56 ComboFix3.txt 2011-12-16 07:54 . Pre-Run: 25.633.513.472 bytes beschikbaar Post-Run: 25.606.569.984 bytes beschikbaar . - - End Of File - - 3D4C08F8F9FBADD1F7DC944D9D60CD1C
  13. ComboFix 11-12-16.01 - Dennis van Vliet 16-12-2011 9:44.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.383 [GMT 1:00] Gestart vanuit: d:\documenten en settings\Dennis van Vliet\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: d:\documenten en settings\Dennis van Vliet\Bureaublad\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . d:\documenten en settings\Dennis van Vliet\Application Data\searchquband d:\documenten en settings\Dennis van Vliet\Application Data\searchqutoolbar d:\documenten en settings\Dennis van Vliet\Application Data\searchqutoolbar\dtx.ini d:\documenten en settings\Dennis van Vliet\Application Data\searchqutoolbar\geodata.xml d:\documenten en settings\Dennis van Vliet\Application Data\searchqutoolbar\guid.dat d:\documenten en settings\Dennis van Vliet\Application Data\searchqutoolbar\log.txt d:\documenten en settings\Dennis van Vliet\Application Data\searchqutoolbar\preferences.dat d:\documenten en settings\Dennis van Vliet\Application Data\searchqutoolbar\stats.dat d:\documenten en settings\Dennis van Vliet\Application Data\searchqutoolbar\uninstallIE.dat d:\documenten en settings\Dennis van Vliet\Application Data\searchqutoolbar\version.xml . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))) . . 2011-12-16 07:13 . 2011-12-16 07:13 29904 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73427762-5AAE-42C2-9490-728D4325B0B7}\MpKsl77a5435f.sys 2011-12-16 07:13 . 2011-12-16 07:13 56200 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73427762-5AAE-42C2-9490-728D4325B0B7}\offreg.dll 2011-12-15 20:31 . 
2011-12-15 20:31 388096 ----a-r- d:\documenten en settings\Dennis van Vliet\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-15 17:07 . 2011-11-21 10:47 6823496 ------w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73427762-5AAE-42C2-9490-728D4325B0B7}\mpengine.dll 2011-12-15 15:18 . 2011-12-15 15:32 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\Elowwu 2011-12-15 15:18 . 2011-12-15 15:23 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\Apizar 2011-12-07 20:44 . 2011-12-07 20:44 -------- d-----r- d:\documenten en settings\NetworkService\Favorieten 2011-12-07 20:36 . 2011-12-07 20:37 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\Application Data\searchqutoolbar 2011-12-07 20:36 . 2011-12-07 20:36 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\Application Data\searchquband 2011-12-07 20:36 . 2011-12-07 20:36 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\AppData 2011-12-07 20:31 . 2011-12-07 20:31 -------- d-----w- d:\documenten en settings\MyCom\AppData 2011-12-07 14:29 . 2011-12-07 14:29 -------- d-----w- d:\documenten en settings\Leon van Vliet\AppData 2011-12-07 14:28 . 2011-12-07 14:28 -------- d-----w- d:\documenten en settings\All Users\Application Data\boost_interprocess 2011-12-07 13:53 . 2011-12-07 13:53 -------- d-----w- d:\documenten en settings\Annette van Vliet\AppData 2011-12-06 20:48 . 2011-12-06 20:48 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\FinalTorrent 2011-12-06 20:25 . 2011-12-06 20:25 -------- d-----w- d:\documenten en settings\Dennis van Vliet\AppData 2011-12-06 20:13 . 2011-12-06 20:13 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\Fighters 2011-12-06 19:01 . 
2011-12-06 19:01 -------- dc-h--w- d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824} 2011-12-06 19:01 . 2011-12-06 19:01 -------- d-----w- c:\program files\iLivid 2011-12-06 19:00 . 2011-12-06 19:01 -------- d-----w- c:\program files\Windows iLivid Toolbar 2011-12-06 16:26 . 2011-12-06 16:26 -------- d-----w- c:\program files\File Type Assistant 2011-12-06 16:24 . 2011-12-06 16:24 -------- d-----w- c:\program files\Yontoo Layers Runtime 2011-12-06 16:23 . 2011-12-06 16:24 -------- d-----w- d:\documenten en settings\All Users\Application Data\Fighters 2011-12-06 16:22 . 2011-12-06 16:22 -------- d-----w- c:\program files\Chrome 2011-12-06 13:33 . 2011-12-06 13:33 -------- d-----w- d:\documenten en settings\All Users\Application Data\Babylon 2011-12-06 13:33 . 2011-12-06 13:33 -------- d-----w- d:\documenten en settings\All Users\Application Data\Premium 2011-12-06 13:33 . 2011-12-06 17:59 -------- d-----w- d:\documenten en settings\All Users\Application Data\InstallMate . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 14:40 . 2006-03-02 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-21 10:47 . 2011-11-03 20:23 6823496 ------w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-11-15 13:29 . 2011-11-02 18:39 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-11-04 19:13 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-03-02 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:32 . 
2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2006-03-02 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2004-08-04 00:58 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 18:13 . 2011-10-18 18:13 1409 ----a-w- c:\windows\QTFont.for 2011-10-18 11:13 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2005-09-16 18:26 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 09:41 . 2006-03-02 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-06 161336] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2011-08-31 449608] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . d:\documenten en settings\Daniëlle van Vliet\Menu Start\Programma's\Opstarten\ Nieuwsbal.lnk - c:\program files\VI Nieuwsbal\Nieuwsbal.exe [N/A] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "d:\\spellen\\TrackMania Original\\TmOriginal.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"= . 
R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [31-10-2010 19:52 14208] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5-7-2006 13:46 63352] R1 MpKsl77a5435f;MpKsl77a5435f;d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73427762-5AAE-42C2-9490-728D4325B0B7}\MpKsl77a5435f.sys [16-12-2011 8:13 29904] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21 249648] R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [5-5-2011 10:53 366152] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5-5-2011 10:53 22216] S1 MpKsl8dbdf6b1;MpKsl8dbdf6b1;\??\d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1284D16B-603B-4B3F-AD33-178925BB82FD}\MpKsl8dbdf6b1.sys --> d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1284D16B-603B-4B3F-AD33-178925BB82FD}\MpKsl8dbdf6b1.sys [?] S1 MpKslae521332;MpKslae521332;\??\d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE0FEB8-A377-48B8-8097-FE4E12570856}\MpKslae521332.sys --> d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE0FEB8-A377-48B8-8097-FE4E12570856}\MpKslae521332.sys [?] 
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23 196176] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15-8-2010 16:54 30192] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664] S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 PAC207;CamMaestro 3.75 HU PC Camera;c:\windows\system32\drivers\PFC027.sys [8-4-2005 9:46 162176] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [20-9-2009 14:59 18432] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MPKSL77A5435F *Deregistered* - cpuz132 . Inhoud van de 'Gedeelde Taken' map . 2011-12-16 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 12:08] . 2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22] . 2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22] . 2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012Core.job - d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48] . 2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012UA.job - d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48] . 
2011-12-16 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39] . 2011-12-16 c:\windows\Tasks\User_Feed_Synchronization-{612F5CDA-23AB-4660-AA75-E6FE940B7079}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nu.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: ziggo.nl\thuishelp TCP: DhcpNameServer = 10.0.0.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-16 09:53 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(516) c:\windows\system32\igfxdev.dll . Voltooingstijd: 2011-12-16 09:56:10 ComboFix-quarantined-files.txt 2011-12-16 08:56 ComboFix2.txt 2011-12-16 07:54 . Pre-Run: 25.648.766.976 bytes beschikbaar Post-Run: 25.631.678.464 bytes beschikbaar . 
- - End Of File - - 2A49A8CE718DE666A05A796C58668C4F I hope I did this correctly, because ComboFix started scanning everything all over again. Does my virus scanner still need to stay disabled?
  14. ComboFix 11-12-15.02 - Dennis van Vliet 16-12-2011 8:36.1.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.355 [GMT 1:00]Gestart vanuit: d:\documenten en settings\Dennis van Vliet\Bureaublad\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}..(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))..C:\~GLHTTP1.TMPc:\windows\IsUn0413.exec:\windows\system\QTIM32.DLLd:\documenten en settings\All Users\AdbeRdr708_nl_NL.exed:\documenten en settings\All Users\Application Data\Tarma Installerd:\documenten en settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dlld:\documenten en settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dlld:\documenten en settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.datd:\documenten en settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exed:\documenten en settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.icod:\documenten en settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dlld:\documenten en settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dlld:\documenten en settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.datd:\documenten en settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exed:\documenten en settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.icod:\documenten en settings\Annette van Vliet\WINDOWSd:\documenten en settings\Dennis van Vliet\WINDOWSd:\documenten en settings\Leon van Vliet\WINDOWSd:\documenten en 
settings\MyCom\WINDOWS..(((((((((((((((((((( Bestanden Gemaakt van 2011-11-16 to 2011-12-16 ))))))))))))))))))))))))))))))..2011-12-16 07:13 . 2011-12-16 07:13 29904 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73427762-5AAE-42C2-9490-728D4325B0B7}\MpKsl77a5435f.sys2011-12-16 07:13 . 2011-12-16 07:13 56200 ----a-w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73427762-5AAE-42C2-9490-728D4325B0B7}\offreg.dll2011-12-15 20:31 . 2011-12-15 20:31 388096 ----a-r- d:\documenten en settings\Dennis van Vliet\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2011-12-15 17:07 . 2011-11-21 10:47 6823496 ------w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73427762-5AAE-42C2-9490-728D4325B0B7}\mpengine.dll2011-12-15 15:18 . 2011-12-15 15:32 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\Elowwu2011-12-15 15:18 . 2011-12-15 15:23 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\Apizar2011-12-07 20:44 . 2011-12-07 20:44 -------- d-----r- d:\documenten en settings\NetworkService\Favorieten2011-12-07 20:36 . 2011-12-07 20:37 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\Application Data\searchqutoolbar2011-12-07 20:36 . 2011-12-07 20:36 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\Application Data\searchquband2011-12-07 20:36 . 2011-12-07 20:36 -------- d-----w- d:\documenten en settings\Daniëlle van Vliet\AppData2011-12-07 20:31 . 2011-12-07 20:31 -------- d-----w- d:\documenten en settings\MyCom\AppData2011-12-07 14:29 . 2011-12-07 14:29 -------- d-----w- d:\documenten en settings\Leon van Vliet\AppData2011-12-07 14:28 . 2011-12-07 14:28 -------- d-----w- d:\documenten en settings\All Users\Application Data\boost_interprocess2011-12-07 13:53 . 
2011-12-07 13:53 -------- d-----w- d:\documenten en settings\Annette van Vliet\AppData2011-12-06 20:48 . 2011-12-06 20:48 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\FinalTorrent2011-12-06 20:25 . 2011-12-06 20:25 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\searchquband2011-12-06 20:25 . 2011-12-06 20:25 -------- d-----w- d:\documenten en settings\Dennis van Vliet\AppData2011-12-06 20:25 . 2011-12-06 20:29 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\searchqutoolbar2011-12-06 20:13 . 2011-12-06 20:13 -------- d-----w- d:\documenten en settings\Dennis van Vliet\Application Data\Fighters2011-12-06 19:01 . 2011-12-06 19:01 -------- dc-h--w- d:\documenten en settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}2011-12-06 19:01 . 2011-12-06 19:01 -------- d-----w- c:\program files\iLivid2011-12-06 19:00 . 2011-12-06 19:01 -------- d-----w- c:\program files\Windows iLivid Toolbar2011-12-06 16:26 . 2011-12-06 16:26 -------- d-----w- c:\program files\File Type Assistant2011-12-06 16:24 . 2011-12-06 16:24 -------- d-----w- c:\program files\Yontoo Layers Runtime2011-12-06 16:23 . 2011-12-06 16:24 -------- d-----w- d:\documenten en settings\All Users\Application Data\Fighters2011-12-06 16:22 . 2011-12-06 16:22 -------- d-----w- c:\program files\Chrome2011-12-06 13:33 . 2011-12-06 13:33 -------- d-----w- d:\documenten en settings\All Users\Application Data\Babylon2011-12-06 13:33 . 2011-12-06 13:33 -------- d-----w- d:\documenten en settings\All Users\Application Data\Premium2011-12-06 13:33 . 2011-12-06 17:59 -------- d-----w- d:\documenten en settings\All Users\Application Data\InstallMate...((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-11-23 14:40 . 2006-03-02 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys2011-11-21 10:47 . 
2011-11-03 20:23 6823496 ------w- d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2011-11-15 13:29 . 2011-11-02 18:39 222080 ------w- c:\windows\system32\MpSigStub.exe2011-11-04 19:13 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll2011-11-04 19:13 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-11-04 19:13 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-11-04 11:25 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec2011-11-01 16:07 . 2006-03-02 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll2011-10-28 05:32 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll2011-10-26 10:50 . 2006-03-02 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe2011-10-26 10:50 . 2004-08-04 00:58 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe2011-10-18 18:13 . 2011-10-18 18:13 1409 ----a-w- c:\windows\QTFont.for2011-10-18 11:13 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll2011-10-10 14:22 . 2005-09-16 18:26 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-09-28 07:06 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 09:41 . 2006-03-02 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-26 09:41 . 
2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll..((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))..*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-06 161336]"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]"Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2011-08-31 449608].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360].d:\documenten en settings\Daniëlle van Vliet\Menu Start\Programma's\Opstarten\Nieuwsbal.lnk - c:\program files\VI Nieuwsbal\Nieuwsbal.exe [N/A].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128].[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk 
*\0sprestrt.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="d:\\spellen\\TrackMania Original\\TmOriginal.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=.R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [31-10-2010 19:52 14208]R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5-7-2006 13:46 63352]R1 MpKsl77a5435f;MpKsl77a5435f;d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73427762-5AAE-42C2-9490-728D4325B0B7}\MpKsl77a5435f.sys [16-12-2011 8:13 29904]R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21 249648]R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [5-5-2011 10:53 366152]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5-5-2011 10:53 22216]S1 MpKsl8dbdf6b1;MpKsl8dbdf6b1;\??\d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1284D16B-603B-4B3F-AD33-178925BB82FD}\MpKsl8dbdf6b1.sys --> d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1284D16B-603B-4B3F-AD33-178925BB82FD}\MpKsl8dbdf6b1.sys [?]S1 MpKslae521332;MpKslae521332;\??\d:\documenten en settings\All 
Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE0FEB8-A377-48B8-8097-FE4E12570856}\MpKslae521332.sys --> d:\documenten en settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFE0FEB8-A377-48B8-8097-FE4E12570856}\MpKslae521332.sys [?]S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23 196176]S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664]S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15-8-2010 16:54 30192]S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 20:22 135664]S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S3 PAC207;CamMaestro 3.75 HU PC Camera;c:\windows\system32\drivers\PFC027.sys [8-4-2005 9:46 162176]S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [20-9-2009 14:59 18432].--- Andere Services/Drivers In Geheugen ---.*NewlyCreated* - MPKSL77A5435F*Deregistered* - cpuz132.Inhoud van de 'Gedeelde Taken' map.2011-12-16 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 12:08].2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22].2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:22].2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012Core.job- d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe 
[2011-07-02 20:48].2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470042473-3128491902-2835929602-1012UA.job- d:\documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:48].2011-12-16 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39].2011-12-16 c:\windows\Tasks\PCCT - MAGIX AG.job- d:\magix\MxTray.exe [2010-10-31 12:35].2011-12-16 c:\windows\Tasks\User_Feed_Synchronization-{612F5CDA-23AB-4660-AA75-E6FE940B7079}.job- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]..------- Bijkomende Scan -------.uStart Page = hxxp://www.nu.nl/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000Trusted Zone: ziggo.nl\thuishelpTCP: DhcpNameServer = 10.0.0.1.- - - - ORPHANS VERWIJDERD - - - -.Toolbar-10 - (no file)HKU-Default-Run-PCSpeedUp - c:\program files\PC Speed Up\PCSpeedUp.lnkAddRemove-Action Man Jungle Storm - c:\windows\IsUn0413.exeAddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exeAddRemove-Midtown Madness 1.0 - d:\spellen\UNINSTAL.EXEAddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - d:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exeAddRemove-WN Wereld@tlas - c:\windows\IsUn0413.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-12-16 08:50Windows 5.1.2600 Service Pack 3 NTFS.scannen van verborgen processen ... .scannen van verborgen autostart items ... .scannen van verborgen bestanden ... 
.Scan succesvol afgerondverborgen bestanden: 0.**************************************************************************.--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL".--------------------- DLLs Geladen Onder Lopende Processen ---------------------.- - - - - - - > 'winlogon.exe'(516)c:\windows\system32\igfxdev.dll.Voltooingstijd: 2011-12-16 08:54:06ComboFix-quarantined-files.txt 2011-12-16 07:54.Pre-Run: 24.914.616.320 bytes beschikbaarPost-Run: 25.635.393.536 bytes beschikbaar.WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect.- - End Of File - - 1CD14A4152104BB5FA6F584E77164AD1
  15. Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Databaseversie: 8377 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 15-12-2011 23:09:35 mbam-log-2011-12-15 (23-09-35).txt Scantype: Snelle scan Objecten gescand: 294801 Verstreken tijd: 38 minuut/minuten, 23 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: d:\documenten en settings\annette van vliet\local settings\Temp\222.exe (Trojan.Downloader.BH) -> Quarantined and deleted successfully. 
Good luck.
  16. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:35:58, on 15-12-2011
  17. The detections 'Backdoor:Win32/Reyds.A' and 'PWS:Win32/Zbos.gen!AI' have been placed in quarantine, but I cannot get them removed. I am afraid that even more junk has been installed by unwanted programs. I would gladly call on your expert help.
  18. Someone advised me to stop working with Internet Explorer and to take a different internet provider instead; is it true that more problems are to be expected with Explorer than with other providers?
  19. Is it still advisable to delete my 'logs'? I don't know whether anyone could do something bad with them.
  20. No, but I have not had any notifications from Security Shield all day. Yesterday afternoon I started the McAfee scan several times; first with the internet on, and then it shut down automatically once about 20% had been scanned. After that I disconnected from the internet, and then it scanned the whole computer but found no problems. This morning I went online to register for this PC help forum and to work on a solution, and I have not had a single notification today. Isn't that strange? Can I simply leave Malwarebytes and HijackThis on my PC? Is McAfee really doing its job, given that it did not recognize Security Shield? In any case, I owe you a great deal of thanks for all the time you have put into our computer problem.
  21. I carried out the steps, and here is the log from mbam:
en nu van hjt: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:23:59, on 5-5-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe D:\Magix\MxTray.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page 
= Aanmelden R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106175641.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 
Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: 
E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: iWatchNow Media Center - {750A64D8-DFAA-485B-A335-F7093333FBB7} - C:\Program Files\iWatchNow, Inc.\iWatchNow Media Center\iwnvod.exe O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - 
http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223728169984 O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} (EAFO3AXLauncher Control) - FIFA Online | The FIFA Online beta has now ended O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - 
c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. 
- C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 13113 bytes Once again I am waiting in eager anticipation.
  22. Thanks so much for the quick reply. If I did everything correctly, here is the log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:45:00, on 5-5-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe D:\Magix\MxTray.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\system32\msiexec.exe D:\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Aanmelden R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing) O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106175641.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: 
[NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-21-2470042473-3128491902-2835929602-1012\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Leon van Vliet') O4 - HKUS\S-1-5-21-2470042473-3128491902-2835929602-1012\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Leon van Vliet') O4 - HKUS\S-1-5-21-2470042473-3128491902-2835929602-1012\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Leon van Vliet') O4 - HKUS\S-1-5-21-2470042473-3128491902-2835929602-1012\..\Run: [Google Update] "D:\Documenten en settings\Leon van Vliet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'Leon van Vliet') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: iWatchNow Media Center - {750A64D8-DFAA-485B-A335-F7093333FBB7} - C:\Program Files\iWatchNow, Inc.\iWatchNow Media Center\iwnvod.exe O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: MyCom - {568C3606-3807-4805-A821-5A3CBE8C32DB} - ComputerWinkel MyCom (file missing) (HKCU) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - 
http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223728169984 O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} (EAFO3AXLauncher Control) - FIFA Online | The FIFA Online beta has now ended O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - 
c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. 
- C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 14832 bytes
  23. The day before yesterday one of my housemates clicked on an e-mail and thereby installed Security Shield. I have read several forums, and there are people on this forum who can help you if you post your Notepad file with the problems. Who could and would be willing to help me?