Everything posted by Shaggy1986

  1. Kape, is there anything else I could do?
  2. Here is the log file from autofix:
  3. I ran MBAM. Here is the log file:

     Malwarebytes' Anti-Malware 1.51.0.1200
     Malwarebytes : Free anti-malware, anti-virus and spyware removal download

     Databaseversie: 6937
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385

     24-6-2011 13:38:20
     mbam-log-2011-06-24 (13-38-20).txt

     Scantype: Snelle scan
     Objecten gescand: 178570
     Verstreken tijd: 3 minuut/minuten, 28 seconde(n)

     Geheugenprocessen geïnfecteerd: 0
     Geheugenmodulen geïnfecteerd: 0
     Registersleutels geïnfecteerd: 3
     Registerwaarden geïnfecteerd: 0
     Registerdata geïnfecteerd: 0
     Mappen geïnfecteerd: 0
     Bestanden geïnfecteerd: 1

     Geheugenprocessen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)

     Geheugenmodulen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)

     Registersleutels geïnfecteerd:
     HKEY_CURRENT_USER\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\W1WIWQ1NPG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

     Registerwaarden geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)

     Registerdata geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)

     Mappen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)

     Bestanden geïnfecteerd:
     c:\Users\MSK\AppData\Roaming\ctfmon.exe (Trojan.VB) -> Quarantined and deleted successfully.

     After that I rebooted and had HJT scan again.
     This was the result:

     I deliberately did not tick soundmax, winamp and outlook in the first HJT scan. At startup I still got the same message from ESET.
  4. Hello Kape, first of all, thanks for the help. I see that I have to fix three files (soundmax, winamp and outlook). I have those programs start automatically when I switch on my PC. Is that what HiJackThis is reporting (and if so, do I still need to fix them), or is there really something wrong with the files?
  5. Hello Asus, here is the HJT log:

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 9:31:13, on 24-6-2011
     Platform: Windows 7 (WinNT 6.00.3504)
     MSIE: Internet Explorer v8.00 (8.00.7600.16800)
     Boot mode: Normal
     Running processes:
     C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
     C:\Program Files (x86)\Winamp\winamp.exe
     C:\Program Files (x86)\Kerio\Outlook Connector (Offline Edition)\KoffBackend.exe
     C:\Users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Windows\SysWOW64\rundll32.exe
     C:\Users\MSK\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
     C:\Windows\SysWOW64\DllHost.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     F2 - REG:system.ini: UserInit=userinit.exe
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [soundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
     O4 - HKCU\..\Run: [4ECYTQ9SIC] C:\Users\MSK\AppData\Local\Temp\Kfc.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-21-2767330528-3365173347-2677098965-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
     O4 - HKUS\S-1-5-21-2767330528-3365173347-2677098965-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
     O4 - Startup: Winamp.lnk = C:\Program Files (x86)\Winamp\winamp.exe
     O4 - Global Startup: Alt.Binz.lnk = C:\Program Files (x86)\AltBinz\altbinz.exe
     O4 - Global Startup: Microsoft Outlook 2010.lnk = ?
     O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
     O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
     O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
     O10 - Unknown file in Winsock LSP: n:\vsocklib.dll
     O10 - Unknown file in Winsock LSP: n:\vsocklib.dll
     O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
     O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
     O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
     O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
     O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     -- End of file - 9453 bytes
  6. Dear reader, for the past few days I have been getting this message when starting my PC: Eset smart security 4 has found the above virus in MBR sector of the 3. physical disk, but cannot remove it. I saw that there was an earlier post about this virus, but it has since been closed.