Samuel_Belgium

Samuel_Belgium's achievements

  1. Malwarebytes' Anti-Malware 1.46
     Malwarebytes
     Databaseversie: 4292
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     8/07/2010 18:05:51
     mbam-log-2010-07-08 (18-05-51).txt
     Scantype: Snelle scan
     Objecten gescand: 119820
     Verstreken tijd: 3 minuut/minuten, 59 seconde(n)
     Geheugenprocessen geïnfecteerd: 1
     Geheugenmodulen geïnfecteerd: 0
     Registersleutels geïnfecteerd: 1
     Registerwaarden geïnfecteerd: 3
     Registerdata geïnfecteerd: 0
     Mappen geïnfecteerd: 0
     Bestanden geïnfecteerd: 6

     Geheugenprocessen geïnfecteerd:
     C:\Users\Samuel\AppData\Roaming\explorer.exe (Worm.Palevo) -> Unloaded process successfully.
     Geheugenmodulen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Registersleutels geïnfecteerd:
     HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
     Registerwaarden geïnfecteerd:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows explorer (Worm.Palevo) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows firewall (Worm.Palevo) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet (Backdoor.Bot) -> Quarantined and deleted successfully.
     Registerdata geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Mappen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Bestanden geïnfecteerd:
     C:\Users\Samuel\AppData\Roaming\explorer.exe (Worm.Palevo) -> Quarantined and deleted successfully.
     C:\Users\Samuel\AppData\Roaming\rundll32.exe (Worm.Palevo) -> Quarantined and deleted successfully.
     C:\Users\Samuel\AppData\Local\Temp\91mC8JT.exe (Worm.Palevo) -> Quarantined and deleted successfully.
     C:\Users\Samuel\AppData\Local\Temp\erase_me340592.exe (Worm.Palevo) -> Quarantined and deleted successfully.
     C:\Users\Samuel\AppData\Local\Temp\install.48596.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
     C:\Users\Samuel\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 10:01:26, on 12/07/2010
     Platform: Windows 7 (WinNT 6.00.3504)
     MSIE: Internet Explorer v8.00 (8.00.7600.16385)
     Boot mode: Normal
     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskhost.exe
     C:\Program Files\Microsoft Security Essentials\msseces.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     J:\HijackThis.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
     --
     End of file - 2297 bytes

     When I scan with HijackThis, I do get this error message
     Tips on securing Windows 7 are always welcome. Thanks in advance
  2. Hello,
     For a while now I have been getting alerts about the worm Win32/Pushbot.gen!C from Microsoft Security Essentials. I always choose to remove it, but a few minutes later I get the same alert again. I made a log with HijackThis.

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 12:02:48, on 8/07/2010
     Platform: Windows 7 (WinNT 6.00.3504)
     MSIE: Internet Explorer v8.00 (8.00.7600.16385)
     Boot mode: Normal
     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskhost.exe
     C:\Program Files\Microsoft Security Essentials\msseces.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Users\Samuel\AppData\Roaming\explorer.exe
     C:\Users\Samuel\AppData\Roaming\winos.exe
     C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
     C:\Windows\system32\mrt.exe
     C:\Windows\system32\mrt.exe
     J:\HijackThis.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
     O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
     O4 - HKCU\..\Run: [Windows Firewall] C:\Users\Samuel\AppData\Roaming\rundll32.exe
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O4 - HKCU\..\Run: [internet] 1
     O4 - HKCU\..\Run: [Windows Explorer] C:\Users\Samuel\AppData\Roaming\explorer.exe
     O4 - HKCU\..\Run: [updates] C:\Users\Samuel\AppData\Roaming\winos.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
     --
     End of file - 2766 bytes

     Thanks in advance for the help!
  3. No more problems, thanks. This topic can be closed.
  4. Malwarebytes' Anti-Malware 1.41 Database versie: 3110 Windows 5.1.2600 Service Pack 3 7/11/2009 16:45:56 mbam-log-2009-11-07 (16-45-56).txt Scan type: Snelle Scan Objecten gescand: 116194 Verstreken tijd: 3 minute(s), 50 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:46:54, on 7/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rohos\agent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Privacyware\Privatefirewall 6.1\pfsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\eBoostr\EBstrSvc.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program 
Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Qliner Hotkeys\HotKeys.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\EssentialPIM Pro\EssentialPIM.exe C:\Program Files\EssentialPIM Pro\EssentialPIM.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\eBoostr\eBoostrCP.exe C:\Program Files\Launchy\Launchy.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Secunia\PSI\psi.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000311.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - 
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 
- HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EssentialPIM Pro] "C:\Program Files\EssentialPIM Pro\EssentialPIM.exe" /autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe O4 - Global Startup: Bluetooth Manager.lnk = ? 
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe O8 - Extra context menu item: Download met LeechGet - file://C:\Program Files\LeechGet 2009\\AddUrl.html O8 - Extra context menu item: Download met LeechGet Wizard - file://C:\Program Files\LeechGet 2009\\Wizard.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verwerk met LeechGet (Parse) - file://C:\Program Files\LeechGet 2009\\Parser.html O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search 
& Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - C:\Program Files\Privacyware\Privatefirewall 6.1\pfsvc.exe O23 - Service: Rohos Disk service (Rohos Disk) - Tesline-Service SRL - C:\Program Files\Rohos\agent.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 13962 bytes
  5. Could someone please check this log, because several things no longer work on my PC. Thank you Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:07:59, on 7/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rohos\agent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Privacyware\Privatefirewall 6.1\pfsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\eBoostr\EBstrSvc.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Qliner Hotkeys\HotKeys.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common 
Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\EssentialPIM Pro\EssentialPIM.exe C:\Program Files\EssentialPIM Pro\EssentialPIM.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\eBoostr\eBoostrCP.exe C:\Program Files\Launchy\Launchy.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Secunia\PSI\psi.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: AcroIEHelperStub - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000311.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Control Center] C:\Program 
Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EssentialPIM Pro] "C:\Program Files\EssentialPIM Pro\EssentialPIM.exe" /autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - 
HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Download met LeechGet - file://C:\Program Files\LeechGet 2009\\AddUrl.html O8 - Extra context menu item: Download met LeechGet Wizard - file://C:\Program Files\LeechGet 2009\\Wizard.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verwerk met LeechGet (Parse) - file://C:\Program Files\LeechGet 2009\\Parser.html O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll O23 - Service: McAfee Application Installer Cleanup (0158881248710809) (0158881248710809mcinstcleanup) - - (no file) O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira 
AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: KFQIBYJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Samuel\LOCALS~1\Temp\KFQIBYJ.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - C:\Program Files\Privacyware\Privatefirewall 6.1\pfsvc.exe O23 - Service: Rohos Disk service (Rohos Disk) - Tesline-Service SRL - C:\Program Files\Rohos\agent.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. 
- C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 14737 bytes
  6. I installed HD Tune Pro on my PC to see how my hard drives are doing. But I don't know exactly what I should conclude from these results. Does anyone know what exactly is being shown here? Thanks in advance!
  7. Yes, I have another problem: after a while my computer always restarts and then gives the following error message: Microsoft Windows Het systeem is hersteld van een ernstige fout =>Technische gegevens Inhoud De volgende bestanden worden aan dit foutenrapport toegevoegd C:\DOCUME~1\Samurai\LOCALS~1\Temp\WER7937.dir00\Mini062009-02.dmp C:\DOCUME~1\Samurai\LOCALS~1\Temp\WER7937.dir00\sysdata.xml I hope you can solve this too. Is the XP event log, where the errors are listed, of any use to you? Thanks in advance!!
  8. Malwarebytes' Anti-Malware 1.38 Database versie: 2309 Windows 5.1.2600 Service Pack 3 20/06/2009 10:34:15 mbam-log-2009-06-20 (10-34-15).txt Scan type: Volledige Scan (C:\|) Objecten gescand: 91189 Verstreken tijd: 5 minute(s), 3 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:35:52, on 20/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog 
Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE 
C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245422727656 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. 
- C:\WINDOWS\ATKKBService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Award-winning Security Software for Home and Business Computers) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- End of file - 6207 bytes
  9. Could someone take a look at this log, because I suspect there is spyware on it. Thanks in advance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:38:18, on 19/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [sAPostInstallPage] iexplore.exe McAfee SiteAdvisor O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 
'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245422727656 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O23 - Service: McAfee Application Installer Cleanup (0262231245442772) (0262231245442772mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Samurai\LOCALS~1\Temp\026223~1.EXE O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. 
- C:\WINDOWS\ATKKBService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7092 bytes
  10. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:33:58, on 16/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Registry Mechanic\RegMech.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe 
Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H O4 - HKCU\..\Run: [RegGenie v2.0 - Trial Expired] "C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe" O4 - HKCU\..\Run: [RegGenie v2.0] "C:\Program Files\RegGenie\RegGenieOnReboot.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242140695968 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O23 - 
Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7336 bytes Malwarebytes' Anti-Malware 1.36 Database versie: 2140 Windows 5.1.2600 Service Pack 3 16/05/2009 16:31:58 mbam-log-2009-05-16 (16-31-58).txt Scan type: Snelle Scan Objecten gescand: 73927 Verstreken tijd: 2 minute(s), 18 second(s) Geheugenprocessen geïnfecteerd: 1 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 3 Registerwaarden geïnfecteerd: 1 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 7 Bestanden geïnfecteerd: 149 Geheugenprocessen geïnfecteerd: C:\Program Files\RegTool\RegTool.exe (Rogue.RegTool) -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\xprepairpro2007 (Rogue.XPRepairPro2007) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: C:\Program Files\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470 (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 16-10-250 (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Program Files\RegTool\RegTool.exe (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Program Files\RegTool\definitions.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Program Files\RegTool\defrag.dll (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Program Files\RegTool\JkDefragLib_sourcecode.zip (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Program Files\RegTool\LGPL for Defragger library.txt (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Program Files\RegTool\privacy.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Program Files\RegTool\RegTool.url (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Samurai\Application Data\RegTool\Logs\2009-05-16 15-45-310.log (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\Logs\2009-05-16 16-14-010.log (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\Logs\2009-05-16 16-25-260.log (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
  11. When opening daemon tools lite.exe I got this error message: http://img218.imagevenue.com/img.php?image=83288_naamloos_122_379lo.JPG&loc=loc379 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:13:35, on 16/05/2009
  12. Here is the log: ComboFix 09-05-08.03 - Samuel 09/05/2009 18:55.1 - NTFSx86
  13. I think I have only half solved the problem with resycled\boot.com, because I don't think it has been completely removed. Can someone help me, please? Here is a HijackThis log. I'm not entirely at ease about it!
  14. Case: MS-Tech LC-402 silver 39 euro
      Case fan: Sharkoon Silent Eagle 1000 (120mm) 11,90 euro
      Power supply: OCZ Fatal1ty 550W 65 euro
      Motherboard: Asus P5B-VM 239 euro
      Processor: Intel Core 2 Duo E8400 159 euro
      Intel Core 2 Quad Q6600 189 euro
      Which one should I take?
      CPU cooler: Zalman CNPS9900 LED 55 euro
      Graphics card: Asus GeForce GTX 260 (HTDP/896M) 189 euro
      DVD burner: Pioneer DVR-116D 29 euro
      Hard drive: Samsung SpinPoint S166 39 euro
      Memory (RAM): Corsair DIMM 4 GB DDR2-800 Kit 39 euro
      TOTAL 864,90 or 894,90

      I would like a PC that is as cool and quiet as possible; could you help me with this? The prices come from Alternate; if there is a better shop, feel free to tell me.
  15. So I can't watch videos in Firefox. It works on YouTube or other video sites, but not when the video is embedded in another site. I have version 3.0.7. In Opera I can watch the video. I hope there is someone who can help me.