Samuel_Belgium

Member
  • Posts

    44

Everything posted by Samuel_Belgium

  1. Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4292 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 8/07/2010 18:05:51 mbam-log-2010-07-08 (18-05-51).txt Scantype: Snelle scan Objecten gescand: 119820 Verstreken tijd: 3 minuut/minuten, 59 seconde(n) Geheugenprocessen geïnfecteerd: 1 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 1 Registerwaarden geïnfecteerd: 3 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 6 Geheugenprocessen geïnfecteerd: C:\Users\Samuel\AppData\Roaming\explorer.exe (Worm.Palevo) -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows explorer (Worm.Palevo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows firewall (Worm.Palevo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet (Backdoor.Bot) -> Quarantined and deleted successfully. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: C:\Users\Samuel\AppData\Roaming\explorer.exe (Worm.Palevo) -> Quarantined and deleted successfully. C:\Users\Samuel\AppData\Roaming\rundll32.exe (Worm.Palevo) -> Quarantined and deleted successfully. C:\Users\Samuel\AppData\Local\Temp\91mC8JT.exe (Worm.Palevo) -> Quarantined and deleted successfully. C:\Users\Samuel\AppData\Local\Temp\erase_me340592.exe (Worm.Palevo) -> Quarantined and deleted successfully. C:\Users\Samuel\AppData\Local\Temp\install.48596.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully. 
C:\Users\Samuel\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:01:26, on 12/07/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe J:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O16 - DPF: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 2297 bytes When I scan with HijackThis, I do get this error message. Any tips regarding Windows 7 security are always welcome. Thanks in advance.
  2. Hello, I have been getting notifications for a while about the worm Win32/Pushbot.gen!C from Microsoft Security Essentials. I always choose to remove it, but a few minutes later I get the same notification again. I made a log with HijackThis. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:02:48, on 8/07/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Samuel\AppData\Roaming\explorer.exe C:\Users\Samuel\AppData\Roaming\winos.exe C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Windows\system32\mrt.exe C:\Windows\system32\mrt.exe J:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKCU\..\Run: [Windows Firewall] C:\Users\Samuel\AppData\Roaming\rundll32.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: 
[internet] 1 O4 - HKCU\..\Run: [Windows Explorer] C:\Users\Samuel\AppData\Roaming\explorer.exe O4 - HKCU\..\Run: [updates] C:\Users\Samuel\AppData\Roaming\winos.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 2766 bytes Thanks in advance for the help!
  3. No more problems, thanks. This topic may be closed.
  4. Malwarebytes' Anti-Malware 1.41 Database versie: 3110 Windows 5.1.2600 Service Pack 3 7/11/2009 16:45:56 mbam-log-2009-11-07 (16-45-56).txt Scan type: Snelle Scan Objecten gescand: 116194 Verstreken tijd: 3 minute(s), 50 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:46:54, on 7/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rohos\agent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Privacyware\Privatefirewall 6.1\pfsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\eBoostr\EBstrSvc.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program 
Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Qliner Hotkeys\HotKeys.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\EssentialPIM Pro\EssentialPIM.exe C:\Program Files\EssentialPIM Pro\EssentialPIM.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\eBoostr\eBoostrCP.exe C:\Program Files\Launchy\Launchy.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Secunia\PSI\psi.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000311.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - 
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 
- HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EssentialPIM Pro] "C:\Program Files\EssentialPIM Pro\EssentialPIM.exe" /autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe O4 - Global Startup: Bluetooth Manager.lnk = ? 
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe O8 - Extra context menu item: Download met LeechGet - file://C:\Program Files\LeechGet 2009\\AddUrl.html O8 - Extra context menu item: Download met LeechGet Wizard - file://C:\Program Files\LeechGet 2009\\Wizard.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verwerk met LeechGet (Parse) - file://C:\Program Files\LeechGet 2009\\Parser.html O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search 
& Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - C:\Program Files\Privacyware\Privatefirewall 6.1\pfsvc.exe O23 - Service: Rohos Disk service (Rohos Disk) - Tesline-Service SRL - C:\Program Files\Rohos\agent.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 13962 bytes
  5. Could someone take a look at this log, because several things no longer work on my PC. Thank you. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:07:59, on 7/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rohos\agent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Privacyware\Privatefirewall 6.1\pfsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\eBoostr\EBstrSvc.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Qliner Hotkeys\HotKeys.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common 
Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\EssentialPIM Pro\EssentialPIM.exe C:\Program Files\EssentialPIM Pro\EssentialPIM.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\eBoostr\eBoostrCP.exe C:\Program Files\Launchy\Launchy.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Secunia\PSI\psi.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: AcroIEHelperStub - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000311.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Control Center] C:\Program 
Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EssentialPIM Pro] "C:\Program Files\EssentialPIM Pro\EssentialPIM.exe" /autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - 
HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Download met LeechGet - file://C:\Program Files\LeechGet 2009\\AddUrl.html O8 - Extra context menu item: Download met LeechGet Wizard - file://C:\Program Files\LeechGet 2009\\Wizard.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verwerk met LeechGet (Parse) - file://C:\Program Files\LeechGet 2009\\Parser.html O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll O23 - Service: McAfee Application Installer Cleanup (0158881248710809) (0158881248710809mcinstcleanup) - - (no file) O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira 
AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: KFQIBYJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Samuel\LOCALS~1\Temp\KFQIBYJ.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - C:\Program Files\Privacyware\Privatefirewall 6.1\pfsvc.exe O23 - Service: Rohos Disk service (Rohos Disk) - Tesline-Service SRL - C:\Program Files\Rohos\agent.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. 
- C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 14737 bytes
  6. I installed HD Tune Pro on my PC to check the state of my hard drives. But I don't know exactly what I should conclude from these results. Does anyone know what exactly is being shown here? Thanks in advance!
  7. Yes, I have another problem: after a while my computer always restarts and then gives the following error message: Microsoft Windows Het systeem is hersteld van een ernstige fout =>Technische gegevens Inhoud De volgende bestanden worden aan dit foutenrapport toegevoegd C:\DOCUME~1\Samurai\LOCALS~1\Temp\WER7937.dir00\Mini062009-02.dmp C:\DOCUME~1\Samurai\LOCALS~1\Temp\WER7937.dir00\sysdata.xml I hope you can solve this too. Would the XP event log, where the errors are recorded, be of any use to you? Thanks in advance!!
  8. Malwarebytes' Anti-Malware 1.38 Database versie: 2309 Windows 5.1.2600 Service Pack 3 20/06/2009 10:34:15 mbam-log-2009-06-20 (10-34-15).txt Scan type: Volledige Scan (C:\|) Objecten gescand: 91189 Verstreken tijd: 5 minute(s), 3 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:35:52, on 20/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog 
Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE 
C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245422727656 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. 
- C:\WINDOWS\ATKKBService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Award-winning Security Software for Home and Business Computers) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- End of file - 6207 bytes
  9. Could someone take a look at this log, because I suspect there is spyware on it. Thanks in advance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:38:18, on 19/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [sAPostInstallPage] iexplore.exe McAfee SiteAdvisor O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 
'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245422727656 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O23 - Service: McAfee Application Installer Cleanup (0262231245442772) (0262231245442772mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Samurai\LOCALS~1\Temp\026223~1.EXE O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. 
- C:\WINDOWS\ATKKBService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7092 bytes
  10. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:33:58, on 16/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Registry Mechanic\RegMech.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe 
Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H O4 - HKCU\..\Run: [RegGenie v2.0 - Trial Expired] "C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe" O4 - HKCU\..\Run: [RegGenie v2.0] "C:\Program Files\RegGenie\RegGenieOnReboot.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242140695968 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O23 - 
Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7336 bytes Malwarebytes' Anti-Malware 1.36 Database versie: 2140 Windows 5.1.2600 Service Pack 3 16/05/2009 16:31:58 mbam-log-2009-05-16 (16-31-58).txt Scan type: Snelle Scan Objecten gescand: 73927 Verstreken tijd: 2 minute(s), 18 second(s) Geheugenprocessen geïnfecteerd: 1 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 3 Registerwaarden geïnfecteerd: 1 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 7 Bestanden geïnfecteerd: 149 Geheugenprocessen geïnfecteerd: C:\Program Files\RegTool\RegTool.exe (Rogue.RegTool) -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\xprepairpro2007 (Rogue.XPRepairPro2007) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: C:\Program Files\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470 (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 16-10-250 (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Program Files\RegTool\RegTool.exe (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Program Files\RegTool\definitions.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Program Files\RegTool\defrag.dll (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Program Files\RegTool\JkDefragLib_sourcecode.zip (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Program Files\RegTool\LGPL for Defragger library.txt (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Program Files\RegTool\privacy.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Program Files\RegTool\RegTool.url (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Samurai\Application Data\RegTool\Logs\2009-05-16 15-45-310.log (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\Logs\2009-05-16 16-14-010.log (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\Logs\2009-05-16 16-25-260.log (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\Samurai\Application Data\RegTool\QuarantineW\2009-05-16 15-46-470\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\All Users\Bureaublad\RegTool.lnk (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
  11. When opening daemon tools lite.exe I got this error message: http://img218.imagevenue.com/img.php?image=83288_naamloos_122_379lo.JPG&loc=loc379

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:13:35, on 16/05/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\ATKKBService.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Network Mechanic\netmch.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
      O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
      O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Network Mechanic] C:\Program Files\Network Mechanic\netmch.exe -s
      O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
      O4 - HKCU\..\Run: [RegGenie v2.0 - Trial Expired] "C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe"
      O4 - HKCU\..\Run: [RegGenie v2.0] "C:\Program Files\RegGenie\RegGenieOnReboot.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242140695968
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
      O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

      -- End of file - 7483 bytes
  12. Here is the log:

      ComboFix 09-05-08.03 - Samuel 09/05/2009 18:55.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1022.815 [GMT 2:00]
      Gestart vanuit: c:\documents and settings\Samuel\Bureaublad\ComboFix.exe
      .
      (((((((((((((((((((( Bestanden Gemaakt van 2009-04-09 to 2009-05-09 ))))))))))))))))))))))))))))))
      .
      2009-05-09 14:22 . 2009-05-09 14:22 0 ----a-w c:\windows\nsreg.dat
      2009-05-09 14:22 . 2009-05-09 14:22 -------- d-----w c:\documents and settings\Samuel\Local Settings\Application Data\Mozilla
      2009-05-09 14:19 . 2009-05-09 14:19 15781 ----a-w c:\windows\system32\drivers\mdc8021x.sys
      2009-05-09 14:19 . 2004-05-17 10:02 110592 ----a-w c:\windows\system32\AegisI5.exe
      2009-05-09 14:19 . 2002-09-09 17:54 16269 ----a-w c:\windows\system32\ASNDIS5.sys
      2009-05-09 14:19 . 2002-09-09 19:01 61440 ----a-w c:\windows\system32\ASUSW32N50.dll
      2009-05-09 14:19 . 2004-08-13 14:38 140544 ----a-w c:\windows\system32\drivers\rt2500usb.sys
      2009-05-09 14:19 . 2009-05-09 14:19 -------- d-----w c:\program files\ASUS
      2009-05-09 14:13 . 2009-05-09 14:13 -------- d-----w c:\program files\Common Files\Adobe
      2009-05-09 14:11 . 2009-05-09 14:11 -------- d-----w c:\program files\ASUSTeK
      2009-05-09 14:10 . 2009-05-09 14:12 -------- d-----w c:\windows\nview
      2009-05-09 14:10 . 2006-02-13 13:05 180224 ----a-w c:\windows\system32\nvudisp.exe
      2009-05-09 14:09 . 2006-02-08 08:26 11264 ----a-r c:\windows\system32\drivers\EIO.sys
      2009-05-09 14:08 . 2005-05-04 07:20 53248 ------w c:\windows\system32\wdmioctl.dll
      2009-05-09 14:08 . 2001-09-11 13:20 1285632 ------w c:\windows\system32\SMMedia.dll
      2009-05-09 14:08 . 2009-05-09 14:08 -------- d-----w c:\program files\Analog Devices
      2009-05-09 14:08 . 2005-09-26 14:20 49152 ----a-w c:\windows\system32\DSndUp.exe
      2009-05-09 14:08 . 2002-04-17 13:05 45056 ------w c:\windows\system32\CleanUp.exe
      2009-05-09 14:05 . 2005-12-20 16:23 176128 ----a-r c:\windows\system32\NVUNINST.EXE
      2009-05-09 14:05 . 2005-03-09 13:53 43008 ----a-w c:\windows\system32\drivers\AmdK8.sys
      2009-05-09 14:05 . 2009-05-09 14:05 -------- d-----w c:\program files\AMD
      2009-05-09 14:05 . 2009-05-09 14:19 -------- d--h--w c:\program files\InstallShield Installation Information
      2009-05-09 14:04 . 2009-05-09 14:19 -------- d-----w c:\program files\Common Files\InstallShield
      2009-05-09 14:04 . 2004-08-13 02:56 5810 ----a-r c:\windows\system32\drivers\ASACPI.sys
      2009-05-09 14:04 . 2004-04-27 07:26 5824 ----a-w c:\windows\system32\drivers\ASUSHWIO.SYS
      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-05-09 14:19 . 2008-04-15 12:00 53418 ----a-w c:\windows\system32\perfc013.dat
      2009-05-09 14:19 . 2008-04-15 12:00 364330 ----a-w c:\windows\system32\perfh013.dat
      2009-05-08 20:27 . 2009-05-08 20:27 -------- d-----w c:\program files\microsoft frontpage
      2009-05-08 20:26 . 2008-04-15 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
      2009-05-08 20:26 . 2009-05-08 20:26 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
      2009-05-08 20:24 . 2009-05-08 20:24 21748 ----a-w c:\windows\system32\emptyregdb.dat
      .
      ------- Sigcheck -------
      [-] 2008-04-15 12:00 2028544 975F5AEE3758409517B5543EB0A94EE5 c:\windows\system32\ntkrnlpa.exe
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
      REGEDIT4
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-13 86016]
      "Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280]
      "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-02-13 1519616]
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [9-5-2009 16:19 16269]
      .
      .
      ------- Bijkomende Scan -------
      .
      FF - ProfilePath - c:\documents and settings\Samuel\Application Data\Mozilla\Firefox\Profiles\kkg80d3a.default\
      FF - prefs.js: browser.startup.homepage - Google
      .
      **************************************************************************
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-09 18:56
      Windows 5.1.2600 Service Pack 3 NTFS
      scannen van verborgen processen ...
      scannen van verborgen autostart items ...
      scannen van verborgen bestanden ...
      Scan succesvol afgerond
      verborgen bestanden: 0
      **************************************************************************
      .
      Voltooingstijd: 2009-05-09 18:56
      ComboFix-quarantined-files.txt 2009-05-09 16:56
      Pre-Run: 34.098.237.440 bytes beschikbaar
      Post-Run: 34.106.519.552 bytes beschikbaar
      WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
      91
  13. I think I have only half solved the problem with resycled\boot.com, because I don't think it has been removed completely; can someone help me, please? Here is a HijackThis log. I'm not entirely at ease about it!

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:35:13, on 4/05/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\ATKKBService.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
      O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
      O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

      -- End of file - 4037 bytes
  14. Case: MS-Tech LC-402 silver 39 euro Case fan: Sharkoon Silent Eagle 1000 (120mm) 11,90 euro Power supply: OCZ Fatal1ty 550W 65 euro Motherboard: Asus P5B-VM 239 euro Processor: Intel Core 2 Duo E8400 159 euro Intel Core 2 Quad Q6600 189 euro Which one should I take? CPU cooler: Zalman CNPS9900 LED 55 euro Graphics card: Asus GeForce GTX 260 (HTDP/896M) 189 euro DVD burner: Pioneer DVR-116D 29 euro Hard drive: Samsung SpinPoint S166 39 euro Memory (RAM): Corsair DIMM 4 GB DDR2-800 Kit 39 euro TOTAL 864,90 or 894,90 I would like a PC that is as cool and quiet as possible; could you help me with this? The prices are from Alternate; if there is a better shop, feel free to tell me.
  15. So I can't watch videos in Firefox. It works on YouTube or other video sites, but not when the video is embedded in another site. I have version 3.0.7. In Opera I can watch the video. I hope there is someone who can help me.
  16. No more pop-ups. No, I don't have an active antivirus program, but I do have an inactive one.
  17. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:51:53, on 30/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Windows Live\Family Safety\fssui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program 
Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Ad Muncher\AdMunch.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files\Advanced System Optimizer\wallpaper.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Spybot-S&D IE Protection - 
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" 
-autorun O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide O4 - HKCU\..\Run: [systweak Wallpaper Changer] C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe O8 - Extra context menu item: Block frame with Ad Muncher - Ad Muncher O8 - Extra context menu item: Block image with Ad Muncher - Ad Muncher O8 - Extra context menu item: Block link with Ad Muncher - Ad Muncher O8 - Extra context menu item: Don't filter page with Ad Muncher - Ad Muncher O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Report page to the Ad Muncher developers - Ad Muncher O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - 
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220188919921 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220203462546 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- End of file - 12721 bytes ComboFix 08-11-29.03 - Samuel 2008-11-30 14:30:49.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.485 [GMT 1:00] Gestart vanuit: c:\documents and settings\Samuel\Mijn documenten\Spyware\CombosFix.exe gebruikte Opdracht switches :: c:\documents and settings\Samuel\Mijn documenten\Spyware\CFScript.txt * Nieuw herstelpunt werd aangemaakt FILE :: c:\windows\ashampoo_clipfisher_117_sm.exe c:\windows\system32\comdlg32.OCX c:\windows\system32\eaeabefeef7_d.ocx c:\windows\system32\MSWINSCK.ocx c:\windows\system32\mws77814.dll c:\windows\system32\richtx32.OCX c:\windows\system32\SBFC.dat c:\windows\system32\SBRC.dat c:\windows\system32\wertyu.dll c:\windows\system32\ws77814.dll . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\ashampoo_clipfisher_117_sm.exe c:\windows\system32\comdlg32.OCX c:\windows\system32\eaeabefeef7_d.ocx c:\windows\system32\MSWINSCK.ocx c:\windows\system32\mws77814.dll c:\windows\system32\richtx32.OCX c:\windows\system32\SBFC.dat c:\windows\system32\SBRC.dat c:\windows\system32\wertyu.dll c:\windows\system32\ws77814.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))) . 2008-11-30 14:02 . 2008-11-30 14:11 <DIR> d-------- C:\SDFix 2008-11-30 13:24 . 2008-11-30 13:24 <DIR> d-------- c:\program files\JGoodies 2008-11-30 13:24 . 
2008-11-30 13:24 <DIR> d-------- c:\documents and settings\Samuel\Application Data\JGoodies 2008-11-30 13:22 . 2008-11-30 13:23 <DIR> d-------- c:\program files\Disk Cleaner 2008-11-30 11:35 . 2008-11-30 11:35 <DIR> d-------- C:\VundoFix Backups 2008-11-30 11:23 . 2008-11-30 14:01 <DIR> d-------- c:\program files\Spyware Doctor 2008-11-30 11:23 . 2008-11-30 11:23 <DIR> d-------- c:\program files\Common Files\PC Tools 2008-11-30 11:23 . 2008-11-30 11:23 <DIR> d-------- c:\documents and settings\Samuel\Application Data\PC Tools 2008-11-30 11:23 . 2008-11-30 11:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools 2008-11-30 11:23 . 2008-07-28 12:29 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys 2008-11-30 11:23 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys 2008-11-30 11:23 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys 2008-11-30 11:23 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys 2008-11-30 11:23 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys 2008-11-29 21:43 . 2008-11-29 21:43 252 --a------ c:\windows\mgutil_reg.ini 2008-11-29 21:42 . 2008-11-29 21:42 <DIR> d-------- c:\program files\Mgutil 2008-11-29 21:42 . 2008-11-29 21:42 55 --a------ c:\windows\mgutil_win.ini 2008-11-29 19:45 . 2008-11-29 19:53 <DIR> d-------- C:\4DiskcleanG 2008-11-29 18:54 . 2008-11-29 19:45 341 --a------ c:\windows\mgreg.ini 2008-11-29 18:54 . 2008-11-29 19:45 30 --a------ c:\windows\mgwin.ini 2008-11-29 18:52 . 2008-11-29 19:45 <DIR> d-------- c:\program files\Mgtweak 2008-11-28 17:19 . 2008-11-28 17:19 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2008-11-28 17:19 . 2008-11-28 17:19 <DIR> d-------- c:\program files\Adobe Media Player 2008-11-26 18:55 . 2008-11-26 18:56 <DIR> d-------- c:\program files\Exifer 2008-11-24 21:06 . 2008-11-24 21:06 <DIR> d-------- c:\program files\GrabIt 2008-11-24 17:45 . 
2008-11-24 17:45 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-11-24 17:45 . 2008-11-24 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-23 21:19 . 2008-11-23 21:19 <DIR> d-------- c:\program files\UnH Solutions 2008-11-23 21:03 . 2008-11-30 14:26 <DIR> d-------- c:\documents and settings\Samuel\Application Data\SiteAdvisor 2008-11-23 21:03 . 2008-11-23 21:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor 2008-11-23 21:03 . 2008-11-23 21:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee 2008-11-23 21:02 . 2008-11-23 21:13 <DIR> d-------- c:\program files\RegistryFix7 2008-11-23 20:56 . 2008-11-23 20:58 <DIR> d-------- c:\program files\Mp3 My Mp3 2.0 2008-11-23 20:55 . 2008-11-23 20:55 <DIR> d-------- c:\program files\NCH Swift Sound 2008-11-23 20:55 . 2008-11-23 20:55 <DIR> d-------- c:\documents and settings\Samuel\Application Data\NCH Swift Sound 2008-11-23 20:55 . 2008-11-23 20:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound 2008-11-23 20:52 . 2008-11-24 16:58 <DIR> d-------- c:\program files\Ad Muncher 2008-11-23 20:48 . 2008-11-23 20:48 <DIR> d-------- c:\program files\Unlocker 2008-11-23 20:43 . 2008-11-27 18:51 <DIR> d-------- c:\program files\a-squared Free 2008-11-23 14:23 . 2008-11-23 14:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-23 14:23 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-23 14:23 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-22 19:20 . 2008-11-22 19:20 <DIR> d-------- c:\program files\Lavasoft 2008-11-22 19:20 . 2008-11-23 21:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-22 19:09 . 2008-11-22 19:10 <DIR> d-------- c:\program files\CleanUp! 2008-11-22 17:57 . 
2008-11-27 19:11 <DIR> d-------- c:\program files\Enigma Software Group 2008-11-22 17:02 . 2008-11-22 17:02 <DIR> d-------- c:\program files\Common Files\Download Manager 2008-11-22 17:02 . 2008-11-22 17:02 1,152 --a------ c:\windows\system32\windrv.sys 2008-11-22 15:58 . 2008-11-22 15:58 <DIR> d-------- c:\program files\ClamWinPortable 2008-11-21 21:27 . 2008-11-22 17:37 <DIR> d-------- C:\!KillBox 2008-11-21 21:22 . 2008-11-30 14:16 <DIR> d-------- c:\windows\system32\CatRoot2 2008-11-21 18:48 . 2008-11-21 18:48 <DIR> d-------- c:\program files\Trend Micro 2008-11-21 17:34 . 2008-11-21 17:34 <DIR> d-------- c:\windows\ERUNT 2008-11-20 22:21 . 2008-11-21 16:44 <DIR> d-------- c:\program files\Spyware Terminator 2008-11-20 22:21 . 2008-11-21 21:30 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Spyware Terminator 2008-11-20 22:21 . 2008-11-21 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator 2008-11-20 22:21 . 2008-11-20 22:21 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys 2008-11-20 21:05 . 2008-11-20 21:05 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Sunbelt Software 2008-11-15 21:48 . 2008-11-30 14:28 <DIR> dr-h----- c:\documents and settings\Samuel\Onlangs geopend 2008-11-15 14:16 . 2008-11-15 19:08 <DIR> d-------- c:\program files\Album Cover Art Downloader 2008-11-15 14:16 . 2008-11-15 14:37 <DIR> d-------- c:\documents and settings\Samuel\Application Data\albumart 2008-11-14 19:57 . 2008-11-14 19:57 <DIR> d-------- c:\program files\CopyRightLeft 2008-11-12 14:21 . 2008-11-12 16:08 <DIR> d-------- c:\program files\IObit 2008-11-11 18:38 . 2008-11-11 18:38 <DIR> d-------- c:\program files\Mp3tag 2008-11-11 18:38 . 2008-11-29 19:25 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Mp3tag 2008-11-11 15:42 . 2008-11-15 15:36 <DIR> d-------- c:\program files\MP3Gain 2008-11-11 14:28 . 
2008-11-11 14:28 <DIR> d-------- c:\program files\Google 2008-11-11 14:26 . 2008-11-11 14:26 <DIR> d-------- c:\windows\system32\URTTemp 2008-11-10 21:52 . 2008-11-10 21:58 <DIR> d-------- c:\documents and settings\Samuel\Application Data\gtk-2.0 2008-11-10 21:52 . 2008-11-10 21:52 <DIR> d-------- c:\documents and settings\Samuel\.thumbnails 2008-11-10 21:15 . 2008-11-10 21:15 <DIR> d-------- c:\program files\DivX 2008-11-10 16:06 . 2008-11-11 11:46 <DIR> d-------- c:\program files\TagRename 2008-11-09 20:05 . 2008-11-11 12:07 <DIR> d-------- c:\documents and settings\Samuel\.gimp-2.6 2008-11-09 20:05 . 2008-11-09 20:05 <DIR> d-------- c:\documents and settings\Samuel\.gegl-0.0 2008-11-09 20:03 . 2008-11-09 20:03 <DIR> d-------- c:\program files\Gimp-2.0 2008-11-09 19:13 . 2008-11-09 19:13 <DIR> d-------- c:\program files\Symantec 2008-11-09 16:54 . 2008-11-09 16:54 <DIR> d-------- c:\program files\Nattyware 2008-11-08 15:09 . 2008-11-08 15:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\PowerChallenge 2008-11-03 19:03 . 2008-11-09 21:42 <DIR> d-------- c:\program files\CoreFTP 2008-11-03 19:03 . 2008-11-25 19:48 <DIR> d-------- c:\documents and settings\Samuel\Application Data\CoreFTP 2008-11-01 14:58 . 2008-11-01 15:02 <DIR> d-------- c:\windows\system32\Adobe 2008-10-28 19:15 . 2008-10-28 19:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\JGsoft 2008-10-18 15:16 . 2008-10-18 15:17 <DIR> d-------- C:\wamp 2008-10-17 19:20 . 2008-10-17 19:20 <DIR> d-------- c:\documents and settings\Samuel\Application Data\SmartFTP 2008-10-17 19:01 . 2008-10-19 15:20 <DIR> d-------- c:\documents and settings\Samuel\Application Data\FileZilla 2008-10-14 16:32 . 2008-11-09 21:42 <DIR> d-------- c:\program files\Eraser 2008-10-14 16:32 . 2008-10-14 16:32 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646} 2008-10-11 18:48 . 
2008-10-11 18:48 <DIR> d--h----- c:\windows\PIF 2008-10-10 17:53 . 2008-11-08 16:03 <DIR> d-------- c:\program files\MessengerDiscovery 2008-10-09 16:26 . 2008-10-09 16:29 <DIR> d-------- c:\program files\RegSupreme Pro 2008-10-06 12:55 . 2008-10-06 12:55 <DIR> d-------- c:\program files\Microsoft Silverlight 2008-10-06 12:47 . 2008-10-06 12:47 <DIR> d-------- c:\program files\DAEMON Tools Toolbar 2008-10-06 12:46 . 2008-10-07 15:17 <DIR> d-------- c:\program files\DAEMON Tools Lite 2008-10-06 12:45 . 2008-10-06 12:45 <DIR> d-------- c:\documents and settings\Samuel\Application Data\DAEMON Tools 2008-10-06 12:45 . 2008-10-06 12:45 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2008-10-04 20:12 . 2008-10-04 20:12 2,289,152 --a------ c:\windows\system32\TUKernel.exe 2008-10-04 19:46 . 2008-10-04 19:46 <DIR> d-------- c:\program files\TuneUp Utilities 2008 2008-10-04 19:46 . 2008-11-23 21:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-10-04 19:46 . 2008-10-04 19:46 <DIR> d-------- c:\documents and settings\Samuel\Application Data\TuneUp Software 2008-10-04 19:46 . 2008-10-04 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software 2008-10-04 19:46 . 2008-10-04 19:46 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe 2008-10-04 19:46 . 2008-05-29 08:28 28,416 --a------ c:\windows\system32\uxtuneup.dll 2008-10-04 15:27 . 2008-10-04 15:27 <DIR> d-------- c:\program files\NKProds 2008-10-04 15:27 . 2008-10-04 15:27 <DIR> d-------- c:\documents and settings\Samuel\Application Data\nCleaner . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-30 13:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-27 17:59 --------- d-----w c:\program files\Advanced System Optimizer 2008-11-26 20:42 30 ----a-w c:\program files\Exiferupdate.ini 2008-11-22 16:36 --------- d-----w c:\documents and settings\Samuel\Application Data\uTorrent 2008-11-22 10:26 --------- d-----w c:\documents and settings\Samuel\Application Data\Creative 2008-11-11 13:29 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-10 17:52 --------- d-----w c:\program files\Common Files\Real 2008-11-09 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet 2008-11-01 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-10-27 21:24 --------- d-----w c:\program files\Common Files\Adobe 2008-10-07 17:57 --------- d-----w c:\program files\Prisma 2008-09-29 19:36 --------- d-----w c:\program files\Creative 2008-09-29 19:35 --------- d--h--w c:\program files\Creative Installation Information 2008-09-29 19:35 --------- d-----w c:\program files\Common Files\Creative 2008-09-29 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\Creative 2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-08-30 19:51 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-08-30 19:51 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-08-30 19:29 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-08-30 11:17 606,848 ----a-w c:\windows\flashax.exe 2008-08-30 11:17 12,288 ----a-w c:\windows\impborl.dll 2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-23 916240] "Systweak Wallpaper Changer"="c:\program files\Advanced System Optimizer\wallpaper.exe" [2007-06-22 151280] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-13 2356088] "Startup Manager"="c:\program files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 919280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-13 86016] "Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] 
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2007-11-03 779776] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264] "nwiz"="nwiz.exe" [2006-02-13 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] c:\documents and settings\Samuel\Menu Start\Programma's\Opstarten\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact] 2008-04-16 13:24 165368 c:\windows\system32\RegCompact.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= 
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-11-30 160792] R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-08-31 43816] R2 fsssvc;Windows Live OneCare Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 523816] R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-08-30 16269] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-23 38496] S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice [2008-10-18 24635] S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map 2008-11-30 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09] 2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - ORPHANS VERWIJDERD - - - - BHO-{E71F5184-35A9-3C29-99D1-B72C4506A596} - c:\windows\system32\mws77814.dll ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-30 14:31:44 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(904) c:\windows\system32\RegCompact.dll - - - - - - - > 'lsass.exe'(964) c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll c:\windows\system32\nvappfilter.dll . Voltooingstijd: 2008-11-30 14:32:21 ComboFix-quarantined-files.txt 2008-11-30 13:32:19 ComboFix2.txt 2008-11-30 13:19:09 ComboFix3.txt 2008-11-23 13:19:46 Pre-Run: 3.297.099.776 bytes beschikbaar Post-Run: 3,273,654,272 bytes beschikbaar 265
  18. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:51:53, on 30/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Windows Live\Family Safety\fssui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program 
Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Ad Muncher\AdMunch.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files\Advanced System Optimizer\wallpaper.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Spybot-S&D IE Protection - 
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" 
-autorun O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide O4 - HKCU\..\Run: [systweak Wallpaper Changer] C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe O8 - Extra context menu item: Block frame with Ad Muncher - Ad Muncher O8 - Extra context menu item: Block image with Ad Muncher - Ad Muncher O8 - Extra context menu item: Block link with Ad Muncher - Ad Muncher O8 - Extra context menu item: Don't filter page with Ad Muncher - Ad Muncher O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Report page to the Ad Muncher developers - Ad Muncher O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - 
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220188919921 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220203462546 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- End of file - 12721 bytes ComboFix 08-11-29.03 - Samuel 2008-11-30 14:30:49.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.485 [GMT 1:00] Gestart vanuit: c:\documents and settings\Samuel\Mijn documenten\Spyware\CombosFix.exe gebruikte Opdracht switches :: c:\documents and settings\Samuel\Mijn documenten\Spyware\CFScript.txt * Nieuw herstelpunt werd aangemaakt FILE :: c:\windows\ashampoo_clipfisher_117_sm.exe c:\windows\system32\comdlg32.OCX c:\windows\system32\eaeabefeef7_d.ocx c:\windows\system32\MSWINSCK.ocx c:\windows\system32\mws77814.dll c:\windows\system32\richtx32.OCX c:\windows\system32\SBFC.dat c:\windows\system32\SBRC.dat c:\windows\system32\wertyu.dll c:\windows\system32\ws77814.dll . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\ashampoo_clipfisher_117_sm.exe c:\windows\system32\comdlg32.OCX c:\windows\system32\eaeabefeef7_d.ocx c:\windows\system32\MSWINSCK.ocx c:\windows\system32\mws77814.dll c:\windows\system32\richtx32.OCX c:\windows\system32\SBFC.dat c:\windows\system32\SBRC.dat c:\windows\system32\wertyu.dll c:\windows\system32\ws77814.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))) . 2008-11-30 14:02 . 2008-11-30 14:11 <DIR> d-------- C:\SDFix 2008-11-30 13:24 . 2008-11-30 13:24 <DIR> d-------- c:\program files\JGoodies 2008-11-30 13:24 . 
2008-11-30 13:24 <DIR> d-------- c:\documents and settings\Samuel\Application Data\JGoodies 2008-11-30 13:22 . 2008-11-30 13:23 <DIR> d-------- c:\program files\Disk Cleaner 2008-11-30 11:35 . 2008-11-30 11:35 <DIR> d-------- C:\VundoFix Backups 2008-11-30 11:23 . 2008-11-30 14:01 <DIR> d-------- c:\program files\Spyware Doctor 2008-11-30 11:23 . 2008-11-30 11:23 <DIR> d-------- c:\program files\Common Files\PC Tools 2008-11-30 11:23 . 2008-11-30 11:23 <DIR> d-------- c:\documents and settings\Samuel\Application Data\PC Tools 2008-11-30 11:23 . 2008-11-30 11:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools 2008-11-30 11:23 . 2008-07-28 12:29 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys 2008-11-30 11:23 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys 2008-11-30 11:23 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys 2008-11-30 11:23 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys 2008-11-30 11:23 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys 2008-11-29 21:43 . 2008-11-29 21:43 252 --a------ c:\windows\mgutil_reg.ini 2008-11-29 21:42 . 2008-11-29 21:42 <DIR> d-------- c:\program files\Mgutil 2008-11-29 21:42 . 2008-11-29 21:42 55 --a------ c:\windows\mgutil_win.ini 2008-11-29 19:45 . 2008-11-29 19:53 <DIR> d-------- C:\4DiskcleanG 2008-11-29 18:54 . 2008-11-29 19:45 341 --a------ c:\windows\mgreg.ini 2008-11-29 18:54 . 2008-11-29 19:45 30 --a------ c:\windows\mgwin.ini 2008-11-29 18:52 . 2008-11-29 19:45 <DIR> d-------- c:\program files\Mgtweak 2008-11-28 17:19 . 2008-11-28 17:19 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2008-11-28 17:19 . 2008-11-28 17:19 <DIR> d-------- c:\program files\Adobe Media Player 2008-11-26 18:55 . 2008-11-26 18:56 <DIR> d-------- c:\program files\Exifer 2008-11-24 21:06 . 2008-11-24 21:06 <DIR> d-------- c:\program files\GrabIt 2008-11-24 17:45 . 
2008-11-24 17:45 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-11-24 17:45 . 2008-11-24 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-23 21:19 . 2008-11-23 21:19 <DIR> d-------- c:\program files\UnH Solutions 2008-11-23 21:03 . 2008-11-30 14:26 <DIR> d-------- c:\documents and settings\Samuel\Application Data\SiteAdvisor 2008-11-23 21:03 . 2008-11-23 21:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor 2008-11-23 21:03 . 2008-11-23 21:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee 2008-11-23 21:02 . 2008-11-23 21:13 <DIR> d-------- c:\program files\RegistryFix7 2008-11-23 20:56 . 2008-11-23 20:58 <DIR> d-------- c:\program files\Mp3 My Mp3 2.0 2008-11-23 20:55 . 2008-11-23 20:55 <DIR> d-------- c:\program files\NCH Swift Sound 2008-11-23 20:55 . 2008-11-23 20:55 <DIR> d-------- c:\documents and settings\Samuel\Application Data\NCH Swift Sound 2008-11-23 20:55 . 2008-11-23 20:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound 2008-11-23 20:52 . 2008-11-24 16:58 <DIR> d-------- c:\program files\Ad Muncher 2008-11-23 20:48 . 2008-11-23 20:48 <DIR> d-------- c:\program files\Unlocker 2008-11-23 20:43 . 2008-11-27 18:51 <DIR> d-------- c:\program files\a-squared Free 2008-11-23 14:23 . 2008-11-23 14:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-23 14:23 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-23 14:23 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-22 19:20 . 2008-11-22 19:20 <DIR> d-------- c:\program files\Lavasoft 2008-11-22 19:20 . 2008-11-23 21:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-22 19:09 . 2008-11-22 19:10 <DIR> d-------- c:\program files\CleanUp! 2008-11-22 17:57 . 
2008-11-27 19:11 <DIR> d-------- c:\program files\Enigma Software Group 2008-11-22 17:02 . 2008-11-22 17:02 <DIR> d-------- c:\program files\Common Files\Download Manager 2008-11-22 17:02 . 2008-11-22 17:02 1,152 --a------ c:\windows\system32\windrv.sys 2008-11-22 15:58 . 2008-11-22 15:58 <DIR> d-------- c:\program files\ClamWinPortable 2008-11-21 21:27 . 2008-11-22 17:37 <DIR> d-------- C:\!KillBox 2008-11-21 21:22 . 2008-11-30 14:16 <DIR> d-------- c:\windows\system32\CatRoot2 2008-11-21 18:48 . 2008-11-21 18:48 <DIR> d-------- c:\program files\Trend Micro 2008-11-21 17:34 . 2008-11-21 17:34 <DIR> d-------- c:\windows\ERUNT 2008-11-20 22:21 . 2008-11-21 16:44 <DIR> d-------- c:\program files\Spyware Terminator 2008-11-20 22:21 . 2008-11-21 21:30 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Spyware Terminator 2008-11-20 22:21 . 2008-11-21 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator 2008-11-20 22:21 . 2008-11-20 22:21 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys 2008-11-20 21:05 . 2008-11-20 21:05 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Sunbelt Software 2008-11-15 21:48 . 2008-11-30 14:28 <DIR> dr-h----- c:\documents and settings\Samuel\Onlangs geopend 2008-11-15 14:16 . 2008-11-15 19:08 <DIR> d-------- c:\program files\Album Cover Art Downloader 2008-11-15 14:16 . 2008-11-15 14:37 <DIR> d-------- c:\documents and settings\Samuel\Application Data\albumart 2008-11-14 19:57 . 2008-11-14 19:57 <DIR> d-------- c:\program files\CopyRightLeft 2008-11-12 14:21 . 2008-11-12 16:08 <DIR> d-------- c:\program files\IObit 2008-11-11 18:38 . 2008-11-11 18:38 <DIR> d-------- c:\program files\Mp3tag 2008-11-11 18:38 . 2008-11-29 19:25 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Mp3tag 2008-11-11 15:42 . 2008-11-15 15:36 <DIR> d-------- c:\program files\MP3Gain 2008-11-11 14:28 . 
2008-11-11 14:28 <DIR> d-------- c:\program files\Google 2008-11-11 14:26 . 2008-11-11 14:26 <DIR> d-------- c:\windows\system32\URTTemp 2008-11-10 21:52 . 2008-11-10 21:58 <DIR> d-------- c:\documents and settings\Samuel\Application Data\gtk-2.0 2008-11-10 21:52 . 2008-11-10 21:52 <DIR> d-------- c:\documents and settings\Samuel\.thumbnails 2008-11-10 21:15 . 2008-11-10 21:15 <DIR> d-------- c:\program files\DivX 2008-11-10 16:06 . 2008-11-11 11:46 <DIR> d-------- c:\program files\TagRename 2008-11-09 20:05 . 2008-11-11 12:07 <DIR> d-------- c:\documents and settings\Samuel\.gimp-2.6 2008-11-09 20:05 . 2008-11-09 20:05 <DIR> d-------- c:\documents and settings\Samuel\.gegl-0.0 2008-11-09 20:03 . 2008-11-09 20:03 <DIR> d-------- c:\program files\Gimp-2.0 2008-11-09 19:13 . 2008-11-09 19:13 <DIR> d-------- c:\program files\Symantec 2008-11-09 16:54 . 2008-11-09 16:54 <DIR> d-------- c:\program files\Nattyware 2008-11-08 15:09 . 2008-11-08 15:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\PowerChallenge 2008-11-03 19:03 . 2008-11-09 21:42 <DIR> d-------- c:\program files\CoreFTP 2008-11-03 19:03 . 2008-11-25 19:48 <DIR> d-------- c:\documents and settings\Samuel\Application Data\CoreFTP 2008-11-01 14:58 . 2008-11-01 15:02 <DIR> d-------- c:\windows\system32\Adobe 2008-10-28 19:15 . 2008-10-28 19:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\JGsoft 2008-10-18 15:16 . 2008-10-18 15:17 <DIR> d-------- C:\wamp 2008-10-17 19:20 . 2008-10-17 19:20 <DIR> d-------- c:\documents and settings\Samuel\Application Data\SmartFTP 2008-10-17 19:01 . 2008-10-19 15:20 <DIR> d-------- c:\documents and settings\Samuel\Application Data\FileZilla 2008-10-14 16:32 . 2008-11-09 21:42 <DIR> d-------- c:\program files\Eraser 2008-10-14 16:32 . 2008-10-14 16:32 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646} 2008-10-11 18:48 . 
2008-10-11 18:48 <DIR> d--h----- c:\windows\PIF 2008-10-10 17:53 . 2008-11-08 16:03 <DIR> d-------- c:\program files\MessengerDiscovery 2008-10-09 16:26 . 2008-10-09 16:29 <DIR> d-------- c:\program files\RegSupreme Pro 2008-10-06 12:55 . 2008-10-06 12:55 <DIR> d-------- c:\program files\Microsoft Silverlight 2008-10-06 12:47 . 2008-10-06 12:47 <DIR> d-------- c:\program files\DAEMON Tools Toolbar 2008-10-06 12:46 . 2008-10-07 15:17 <DIR> d-------- c:\program files\DAEMON Tools Lite 2008-10-06 12:45 . 2008-10-06 12:45 <DIR> d-------- c:\documents and settings\Samuel\Application Data\DAEMON Tools 2008-10-06 12:45 . 2008-10-06 12:45 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2008-10-04 20:12 . 2008-10-04 20:12 2,289,152 --a------ c:\windows\system32\TUKernel.exe 2008-10-04 19:46 . 2008-10-04 19:46 <DIR> d-------- c:\program files\TuneUp Utilities 2008 2008-10-04 19:46 . 2008-11-23 21:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-10-04 19:46 . 2008-10-04 19:46 <DIR> d-------- c:\documents and settings\Samuel\Application Data\TuneUp Software 2008-10-04 19:46 . 2008-10-04 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software 2008-10-04 19:46 . 2008-10-04 19:46 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe 2008-10-04 19:46 . 2008-05-29 08:28 28,416 --a------ c:\windows\system32\uxtuneup.dll 2008-10-04 15:27 . 2008-10-04 15:27 <DIR> d-------- c:\program files\NKProds 2008-10-04 15:27 . 2008-10-04 15:27 <DIR> d-------- c:\documents and settings\Samuel\Application Data\nCleaner . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-30 13:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-27 17:59 --------- d-----w c:\program files\Advanced System Optimizer 2008-11-26 20:42 30 ----a-w c:\program files\Exiferupdate.ini 2008-11-22 16:36 --------- d-----w c:\documents and settings\Samuel\Application Data\uTorrent 2008-11-22 10:26 --------- d-----w c:\documents and settings\Samuel\Application Data\Creative 2008-11-11 13:29 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-10 17:52 --------- d-----w c:\program files\Common Files\Real 2008-11-09 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet 2008-11-01 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-10-27 21:24 --------- d-----w c:\program files\Common Files\Adobe 2008-10-07 17:57 --------- d-----w c:\program files\Prisma 2008-09-29 19:36 --------- d-----w c:\program files\Creative 2008-09-29 19:35 --------- d--h--w c:\program files\Creative Installation Information 2008-09-29 19:35 --------- d-----w c:\program files\Common Files\Creative 2008-09-29 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\Creative 2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-08-30 19:51 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-08-30 19:51 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-08-30 19:29 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-08-30 11:17 606,848 ----a-w c:\windows\flashax.exe 2008-08-30 11:17 12,288 ----a-w c:\windows\impborl.dll 2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-23 916240] "Systweak Wallpaper Changer"="c:\program files\Advanced System Optimizer\wallpaper.exe" [2007-06-22 151280] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-13 2356088] "Startup Manager"="c:\program files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 919280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-13 86016] "Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] 
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2007-11-03 779776] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264] "nwiz"="nwiz.exe" [2006-02-13 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] c:\documents and settings\Samuel\Menu Start\Programma's\Opstarten\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact] 2008-04-16 13:24 165368 c:\windows\system32\RegCompact.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= 
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-11-30 160792] R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-08-31 43816] R2 fsssvc;Windows Live OneCare Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 523816] R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-08-30 16269] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-23 38496] S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice [2008-10-18 24635] S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map 2008-11-30 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09] 2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - ORPHANS VERWIJDERD - - - - BHO-{E71F5184-35A9-3C29-99D1-B72C4506A596} - c:\windows\system32\mws77814.dll ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-30 14:31:44 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(904) c:\windows\system32\RegCompact.dll - - - - - - - > 'lsass.exe'(964) c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll c:\windows\system32\nvappfilter.dll . Voltooingstijd: 2008-11-30 14:32:21 ComboFix-quarantined-files.txt 2008-11-30 13:32:19 ComboFix2.txt 2008-11-30 13:19:09 ComboFix3.txt 2008-11-23 13:19:46 Pre-Run: 3.297.099.776 bytes beschikbaar Post-Run: 3,273,654,272 bytes beschikbaar 265
  19. Just when I thought I was rid of the spyware, I have it again. Here are some screenshots. Here is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:17:27, on 29/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\uesiuqcr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Windows Live\Family Safety\fssui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Ad Muncher\AdMunch.exe 
C:\WINDOWS\system32\lphcehkj0eeap.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files\Advanced System Optimizer\wallpaper.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe, O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: getfn32.msiets - {80173D25-82E3-43FF-BED9-2593ACD63284} - C:\WINDOWS\system32\getfn32.dll O2 - BHO: D - 
{E71F5184-35A9-3C29-99D1-B72C4506A596} - C:\WINDOWS\system32\mws77814.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt O4 - HKLM\..\Run: [lphcehkj0eeap] C:\WINDOWS\system32\lphcehkj0eeap.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: 
[Eraser] C:\Program Files\Eraser\Eraser.exe -hide O4 - HKCU\..\Run: [systweak Wallpaper Changer] C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe O8 - Extra context menu item: Block frame with Ad Muncher - Ad Muncher O8 - Extra context menu item: Block image with Ad Muncher - Ad Muncher O8 - Extra context menu item: Block link with Ad Muncher - Ad Muncher O8 - Extra context menu item: Don't filter page with Ad Muncher - Ad Muncher O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Report page to the Ad Muncher developers - Ad Muncher O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & 
Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220188919921 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220203462546 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- End of file - 12325 bytes
  20. ComboFix 08-11-22.02 - Samuel 2008-11-23 19:26:55.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.363 [GMT 1:00] Gestart vanuit: c:\documents and settings\Samuel\Mijn documenten\CombosFix.exe gebruikte Opdracht switches :: c:\documents and settings\Samuel\Mijn documenten\CFScript.txt * Nieuw herstelpunt werd aangemaakt FILE :: c:\windows\system32\tmp.reg c:\windows\system32\VCCLSID.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\VACFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\IEDFix.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\404Fix.exe c:\windows\system32\Process.exe c:\windows\system32\dumphive.exe c:\windows\system32\WS2Fix.exe c:\windows\system32\TDSSxfum.dll c:\windows\system32\TDSSrtql.dll c:\windows\system32\TDSShrxr.dll c:\windows\system32\TDSSlxwp.dll c:\windows\system32\TDSSlrvd.dat c:\windows\system32\TDSSoiqt.dll c:\windows\system32\kmqclfdc.dll c:\windows\system32\ttunjouh.dll . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\tmp.reg c:\windows\system32\VCCLSID.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\VACFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\IEDFix.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\404Fix.exe c:\windows\system32\Process.exe c:\windows\system32\dumphive.exe c:\windows\system32\WS2Fix.exe c:\windows\system32\TDSSxfum.dll c:\windows\system32\TDSSrtql.dll c:\windows\system32\TDSShrxr.dll c:\windows\system32\TDSSlxwp.dll c:\windows\system32\TDSSlrvd.dat c:\windows\system32\TDSSoiqt.dll c:\windows\system32\kmqclfdc.dll c:\windows\system32\ttunjouh.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))) . 2008-11-23 14:23 . 2008-11-23 14:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-23 14:23 . 
2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-23 14:23 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-22 19:20 . 2008-11-22 19:20 <DIR> d-------- c:\program files\Lavasoft 2008-11-22 19:20 . 2008-11-22 19:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-22 19:09 . 2008-11-22 19:10 <DIR> d-------- c:\program files\CleanUp! 2008-11-22 17:57 . 2008-11-22 17:57 <DIR> d-------- c:\program files\Enigma Software Group 2008-11-22 17:02 . 2008-11-22 17:15 <DIR> d-------- c:\program files\SpyNoMore 2008-11-22 17:02 . 2008-11-22 17:02 <DIR> d-------- c:\program files\Common Files\Download Manager 2008-11-22 17:02 . 2008-11-22 17:02 1,152 --a------ c:\windows\system32\windrv.sys 2008-11-22 15:58 . 2008-11-22 15:58 <DIR> d-------- c:\program files\XoftSpySE 2008-11-22 15:58 . 2008-11-22 15:58 <DIR> d-------- c:\program files\ClamWinPortable 2008-11-21 21:27 . 2008-11-22 17:37 <DIR> d-------- C:\!KillBox 2008-11-21 21:22 . 2008-11-23 15:24 <DIR> d-------- c:\windows\system32\CatRoot2 2008-11-21 18:48 . 2008-11-21 18:48 <DIR> d-------- c:\program files\Trend Micro 2008-11-21 17:34 . 2008-11-21 17:34 <DIR> d-------- c:\windows\ERUNT 2008-11-20 22:21 . 2008-11-21 16:44 <DIR> d-------- c:\program files\Spyware Terminator 2008-11-20 22:21 . 2008-11-21 21:30 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Spyware Terminator 2008-11-20 22:21 . 2008-11-21 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator 2008-11-20 22:21 . 2008-11-20 22:21 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys 2008-11-20 21:05 . 2008-11-20 21:05 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Sunbelt Software 2008-11-20 21:05 . 2008-11-20 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sunbelt Software 2008-11-20 21:05 . 
2008-11-20 21:05 0 --a------ c:\windows\system32\SBRC.dat 2008-11-20 21:05 . 2008-11-20 21:05 0 --a------ c:\windows\system32\SBFC.dat 2008-11-20 21:04 . 2008-11-20 21:04 <DIR> d-------- c:\program files\Sunbelt Software 2008-11-15 21:48 . 2008-11-23 16:05 <DIR> dr-h----- c:\documents and settings\Samuel\Onlangs geopend 2008-11-15 14:16 . 2008-11-15 19:08 <DIR> d-------- c:\program files\Album Cover Art Downloader 2008-11-15 14:16 . 2008-11-15 14:37 <DIR> d-------- c:\documents and settings\Samuel\Application Data\albumart 2008-11-14 19:57 . 2008-11-14 19:57 <DIR> d-------- c:\program files\CopyRightLeft 2008-11-12 14:21 . 2008-11-12 16:08 <DIR> d-------- c:\program files\IObit 2008-11-11 18:38 . 2008-11-11 18:38 <DIR> d-------- c:\program files\Mp3tag 2008-11-11 18:38 . 2008-11-11 18:38 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Mp3tag 2008-11-11 15:42 . 2008-11-15 15:36 <DIR> d-------- c:\program files\MP3Gain 2008-11-11 14:28 . 2008-11-11 14:28 <DIR> d-------- c:\program files\Google 2008-11-11 14:26 . 2008-11-11 14:26 <DIR> d-------- c:\windows\system32\URTTemp 2008-11-10 21:52 . 2008-11-10 21:58 <DIR> d-------- c:\documents and settings\Samuel\Application Data\gtk-2.0 2008-11-10 21:52 . 2008-11-10 21:52 <DIR> d-------- c:\documents and settings\Samuel\.thumbnails 2008-11-10 21:15 . 2008-11-10 21:15 <DIR> d-------- c:\program files\DivX 2008-11-10 16:06 . 2008-11-11 11:46 <DIR> d-------- c:\program files\TagRename 2008-11-09 20:05 . 2008-11-11 12:07 <DIR> d-------- c:\documents and settings\Samuel\.gimp-2.6 2008-11-09 20:05 . 2008-11-09 20:05 <DIR> d-------- c:\documents and settings\Samuel\.gegl-0.0 2008-11-09 20:03 . 2008-11-09 20:03 <DIR> d-------- c:\program files\Gimp-2.0 2008-11-09 19:13 . 2008-11-09 19:13 <DIR> d-------- c:\program files\Symantec 2008-11-09 16:54 . 2008-11-09 16:54 <DIR> d-------- c:\program files\Nattyware 2008-11-08 15:09 . 
2008-11-08 15:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\PowerChallenge 2008-11-03 19:03 . 2008-11-09 21:42 <DIR> d-------- c:\program files\CoreFTP 2008-11-03 19:03 . 2008-11-18 21:07 <DIR> d-------- c:\documents and settings\Samuel\Application Data\CoreFTP 2008-11-01 14:58 . 2008-11-01 15:02 <DIR> d-------- c:\windows\system32\Adobe 2008-10-28 19:15 . 2008-10-28 19:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\JGsoft . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-22 18:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-22 16:36 --------- d-----w c:\documents and settings\Samuel\Application Data\uTorrent 2008-11-22 10:26 --------- d-----w c:\documents and settings\Samuel\Application Data\Creative 2008-11-11 13:29 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-10 17:52 --------- d-----w c:\program files\Common Files\Real 2008-11-09 20:42 --------- d-----w c:\program files\Eraser 2008-11-09 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet 2008-11-08 15:03 --------- d-----w c:\program files\MessengerDiscovery 2008-11-01 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-10-27 21:24 --------- d-----w c:\program files\Common Files\Adobe 2008-10-19 14:20 --------- d-----w c:\documents and settings\Samuel\Application Data\FileZilla 2008-10-17 18:20 --------- d-----w c:\documents and settings\Samuel\Application Data\SmartFTP 2008-10-17 15:41 --------- d-----w c:\program files\Avant Browser 2008-10-14 15:32 --------- d--h--w c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646} 2008-10-09 15:29 --------- d-----w c:\program files\RegSupreme Pro 2008-10-07 17:57 --------- d-----w c:\program files\Prisma 2008-10-07 14:17 --------- d-----w c:\program files\DAEMON Tools 
Lite 2008-10-06 11:55 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-06 11:47 --------- d-----w c:\program files\DAEMON Tools Toolbar 2008-10-06 11:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-10-06 11:45 --------- d-----w c:\documents and settings\Samuel\Application Data\DAEMON Tools 2008-10-04 19:12 2,289,152 ----a-w c:\windows\system32\TUKernel.exe 2008-10-04 18:46 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe 2008-10-04 18:46 --------- d-----w c:\program files\TuneUp Utilities 2008 2008-10-04 18:46 --------- d-----w c:\documents and settings\Samuel\Application Data\TuneUp Software 2008-10-04 18:46 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software 2008-10-04 14:27 --------- d-----w c:\program files\NKProds 2008-10-04 14:27 --------- d-----w c:\documents and settings\Samuel\Application Data\nCleaner 2008-09-29 19:36 --------- d-----w c:\program files\Creative 2008-09-29 19:35 --------- d--h--w c:\program files\Creative Installation Information 2008-09-29 19:35 --------- d-----w c:\program files\Common Files\Creative 2008-09-29 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\Creative 2008-09-23 19:19 --------- d-----w c:\documents and settings\Samuel\Application Data\Media Player Classic 2008-09-23 18:58 --------- d-----w c:\program files\Graphmatica 2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-08-30 19:51 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-08-30 19:51 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-08-30 19:29 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-08-30 11:17 606,848 ----a-w c:\windows\flashax.exe 2008-08-30 11:17 12,288 ----a-w c:\windows\impborl.dll 2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll . 
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-23 916240] "Systweak Wallpaper Changer"="c:\program files\Advanced System Optimizer\wallpaper.exe" [2007-06-22 151280] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-13 2356088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-13 86016] "Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 
111936] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SBCSTray"="c:\program files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 698864] "SNM"="c:\program files\SpyNoMore\SNM.exe" [2008-11-22 1058816] "SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256] "nwiz"="nwiz.exe" [2006-02-13 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] c:\documents and settings\Samuel\Menu Start\Programma's\Opstarten\ Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-09-01 260096] OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact] 2008-04-16 13:24 165368 c:\windows\system32\RegCompact.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA 
Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-08-31 43816] R2 fsssvc;Windows Live OneCare Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 523816] R2 UxTuneUp;TuneUp Thema-uitbreiding;c:\windows\System32\svchost.exe -k netsvcs [2008-04-15 14336] R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-08-30 16269] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-04 355584] S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice [2008-10-18 24635] S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map 2008-11-23 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09] 2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-23 16:28:53 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(908) c:\windows\system32\RegCompact.dll c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll - - - - - - - > 'lsass.exe'(964) c:\windows\system32\nvappfilter.dll c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll . Voltooingstijd: 2008-11-23 16:29:51 ComboFix-quarantined-files.txt 2008-11-23 15:29:49 ComboFix2.txt 2008-11-23 13:19:46 Pre-Run: 2.736.738.304 bytes beschikbaar Post-Run: 2,767,720,448 bytes beschikbaar 242 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:30:17, on 23/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\NVIDIA 
Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Windows Live\Family Safety\fssui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files\Advanced System Optimizer\wallpaper.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Adobe Media Player\Adobe Media Player.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC 
Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide O4 - HKCU\..\Run: [systweak Wallpaper Changer] C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? 
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220188919921 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220203462546 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - 
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- End of file - 10798 bytes
  21. ComboFix 08-11-22.02 - Samuel 2008-11-23 19:26:55.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.363 [GMT 1:00] Gestart vanuit: c:\documents and settings\Samuel\Mijn documenten\CombosFix.exe gebruikte Opdracht switches :: c:\documents and settings\Samuel\Mijn documenten\CFScript.txt * Nieuw herstelpunt werd aangemaakt FILE :: c:\windows\system32\tmp.reg c:\windows\system32\VCCLSID.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\VACFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\IEDFix.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\404Fix.exe c:\windows\system32\Process.exe c:\windows\system32\dumphive.exe c:\windows\system32\WS2Fix.exe c:\windows\system32\TDSSxfum.dll c:\windows\system32\TDSSrtql.dll c:\windows\system32\TDSShrxr.dll c:\windows\system32\TDSSlxwp.dll c:\windows\system32\TDSSlrvd.dat c:\windows\system32\TDSSoiqt.dll c:\windows\system32\kmqclfdc.dll c:\windows\system32\ttunjouh.dll . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\tmp.reg c:\windows\system32\VCCLSID.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\VACFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\IEDFix.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\404Fix.exe c:\windows\system32\Process.exe c:\windows\system32\dumphive.exe c:\windows\system32\WS2Fix.exe c:\windows\system32\TDSSxfum.dll c:\windows\system32\TDSSrtql.dll c:\windows\system32\TDSShrxr.dll c:\windows\system32\TDSSlxwp.dll c:\windows\system32\TDSSlrvd.dat c:\windows\system32\TDSSoiqt.dll c:\windows\system32\kmqclfdc.dll c:\windows\system32\ttunjouh.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))) . 2008-11-23 14:23 . 2008-11-23 14:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-23 14:23 . 
2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-23 14:23 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-22 19:20 . 2008-11-22 19:20 <DIR> d-------- c:\program files\Lavasoft 2008-11-22 19:20 . 2008-11-22 19:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-22 19:09 . 2008-11-22 19:10 <DIR> d-------- c:\program files\CleanUp! 2008-11-22 17:57 . 2008-11-22 17:57 <DIR> d-------- c:\program files\Enigma Software Group 2008-11-22 17:02 . 2008-11-22 17:15 <DIR> d-------- c:\program files\SpyNoMore 2008-11-22 17:02 . 2008-11-22 17:02 <DIR> d-------- c:\program files\Common Files\Download Manager 2008-11-22 17:02 . 2008-11-22 17:02 1,152 --a------ c:\windows\system32\windrv.sys 2008-11-22 15:58 . 2008-11-22 15:58 <DIR> d-------- c:\program files\XoftSpySE 2008-11-22 15:58 . 2008-11-22 15:58 <DIR> d-------- c:\program files\ClamWinPortable 2008-11-21 21:27 . 2008-11-22 17:37 <DIR> d-------- C:\!KillBox 2008-11-21 21:22 . 2008-11-23 15:24 <DIR> d-------- c:\windows\system32\CatRoot2 2008-11-21 18:48 . 2008-11-21 18:48 <DIR> d-------- c:\program files\Trend Micro 2008-11-21 17:34 . 2008-11-21 17:34 <DIR> d-------- c:\windows\ERUNT 2008-11-20 22:21 . 2008-11-21 16:44 <DIR> d-------- c:\program files\Spyware Terminator 2008-11-20 22:21 . 2008-11-21 21:30 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Spyware Terminator 2008-11-20 22:21 . 2008-11-21 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator 2008-11-20 22:21 . 2008-11-20 22:21 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys 2008-11-20 21:05 . 2008-11-20 21:05 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Sunbelt Software 2008-11-20 21:05 . 2008-11-20 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sunbelt Software 2008-11-20 21:05 . 
2008-11-20 21:05 0 --a------ c:\windows\system32\SBRC.dat 2008-11-20 21:05 . 2008-11-20 21:05 0 --a------ c:\windows\system32\SBFC.dat 2008-11-20 21:04 . 2008-11-20 21:04 <DIR> d-------- c:\program files\Sunbelt Software 2008-11-15 21:48 . 2008-11-23 16:05 <DIR> dr-h----- c:\documents and settings\Samuel\Onlangs geopend 2008-11-15 14:16 . 2008-11-15 19:08 <DIR> d-------- c:\program files\Album Cover Art Downloader 2008-11-15 14:16 . 2008-11-15 14:37 <DIR> d-------- c:\documents and settings\Samuel\Application Data\albumart 2008-11-14 19:57 . 2008-11-14 19:57 <DIR> d-------- c:\program files\CopyRightLeft 2008-11-12 14:21 . 2008-11-12 16:08 <DIR> d-------- c:\program files\IObit 2008-11-11 18:38 . 2008-11-11 18:38 <DIR> d-------- c:\program files\Mp3tag 2008-11-11 18:38 . 2008-11-11 18:38 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Mp3tag 2008-11-11 15:42 . 2008-11-15 15:36 <DIR> d-------- c:\program files\MP3Gain 2008-11-11 14:28 . 2008-11-11 14:28 <DIR> d-------- c:\program files\Google 2008-11-11 14:26 . 2008-11-11 14:26 <DIR> d-------- c:\windows\system32\URTTemp 2008-11-10 21:52 . 2008-11-10 21:58 <DIR> d-------- c:\documents and settings\Samuel\Application Data\gtk-2.0 2008-11-10 21:52 . 2008-11-10 21:52 <DIR> d-------- c:\documents and settings\Samuel\.thumbnails 2008-11-10 21:15 . 2008-11-10 21:15 <DIR> d-------- c:\program files\DivX 2008-11-10 16:06 . 2008-11-11 11:46 <DIR> d-------- c:\program files\TagRename 2008-11-09 20:05 . 2008-11-11 12:07 <DIR> d-------- c:\documents and settings\Samuel\.gimp-2.6 2008-11-09 20:05 . 2008-11-09 20:05 <DIR> d-------- c:\documents and settings\Samuel\.gegl-0.0 2008-11-09 20:03 . 2008-11-09 20:03 <DIR> d-------- c:\program files\Gimp-2.0 2008-11-09 19:13 . 2008-11-09 19:13 <DIR> d-------- c:\program files\Symantec 2008-11-09 16:54 . 2008-11-09 16:54 <DIR> d-------- c:\program files\Nattyware 2008-11-08 15:09 . 
2008-11-08 15:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\PowerChallenge 2008-11-03 19:03 . 2008-11-09 21:42 <DIR> d-------- c:\program files\CoreFTP 2008-11-03 19:03 . 2008-11-18 21:07 <DIR> d-------- c:\documents and settings\Samuel\Application Data\CoreFTP 2008-11-01 14:58 . 2008-11-01 15:02 <DIR> d-------- c:\windows\system32\Adobe 2008-10-28 19:15 . 2008-10-28 19:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\JGsoft . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-22 18:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-22 16:36 --------- d-----w c:\documents and settings\Samuel\Application Data\uTorrent 2008-11-22 10:26 --------- d-----w c:\documents and settings\Samuel\Application Data\Creative 2008-11-11 13:29 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-10 17:52 --------- d-----w c:\program files\Common Files\Real 2008-11-09 20:42 --------- d-----w c:\program files\Eraser 2008-11-09 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet 2008-11-08 15:03 --------- d-----w c:\program files\MessengerDiscovery 2008-11-01 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-10-27 21:24 --------- d-----w c:\program files\Common Files\Adobe 2008-10-19 14:20 --------- d-----w c:\documents and settings\Samuel\Application Data\FileZilla 2008-10-17 18:20 --------- d-----w c:\documents and settings\Samuel\Application Data\SmartFTP 2008-10-17 15:41 --------- d-----w c:\program files\Avant Browser 2008-10-14 15:32 --------- d--h--w c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646} 2008-10-09 15:29 --------- d-----w c:\program files\RegSupreme Pro 2008-10-07 17:57 --------- d-----w c:\program files\Prisma 2008-10-07 14:17 --------- d-----w c:\program files\DAEMON Tools 
Lite 2008-10-06 11:55 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-06 11:47 --------- d-----w c:\program files\DAEMON Tools Toolbar 2008-10-06 11:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-10-06 11:45 --------- d-----w c:\documents and settings\Samuel\Application Data\DAEMON Tools 2008-10-04 19:12 2,289,152 ----a-w c:\windows\system32\TUKernel.exe 2008-10-04 18:46 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe 2008-10-04 18:46 --------- d-----w c:\program files\TuneUp Utilities 2008 2008-10-04 18:46 --------- d-----w c:\documents and settings\Samuel\Application Data\TuneUp Software 2008-10-04 18:46 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software 2008-10-04 14:27 --------- d-----w c:\program files\NKProds 2008-10-04 14:27 --------- d-----w c:\documents and settings\Samuel\Application Data\nCleaner 2008-09-29 19:36 --------- d-----w c:\program files\Creative 2008-09-29 19:35 --------- d--h--w c:\program files\Creative Installation Information 2008-09-29 19:35 --------- d-----w c:\program files\Common Files\Creative 2008-09-29 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\Creative 2008-09-23 19:19 --------- d-----w c:\documents and settings\Samuel\Application Data\Media Player Classic 2008-09-23 18:58 --------- d-----w c:\program files\Graphmatica 2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-08-30 19:51 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-08-30 19:51 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-08-30 19:29 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-08-30 11:17 606,848 ----a-w c:\windows\flashax.exe 2008-08-30 11:17 12,288 ----a-w c:\windows\impborl.dll 2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll . 
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-23 916240] "Systweak Wallpaper Changer"="c:\program files\Advanced System Optimizer\wallpaper.exe" [2007-06-22 151280] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-13 2356088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-13 86016] "Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 
111936] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SBCSTray"="c:\program files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 698864] "SNM"="c:\program files\SpyNoMore\SNM.exe" [2008-11-22 1058816] "SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256] "nwiz"="nwiz.exe" [2006-02-13 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] c:\documents and settings\Samuel\Menu Start\Programma's\Opstarten\ Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-09-01 260096] OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact] 2008-04-16 13:24 165368 c:\windows\system32\RegCompact.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA 
Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-08-31 43816] R2 fsssvc;Windows Live OneCare Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 523816] R2 UxTuneUp;TuneUp Thema-uitbreiding;c:\windows\System32\svchost.exe -k netsvcs [2008-04-15 14336] R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-08-30 16269] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-04 355584] S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice [2008-10-18 24635] S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map 2008-11-23 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09] 2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-23 16:28:53 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(908) c:\windows\system32\RegCompact.dll c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll - - - - - - - > 'lsass.exe'(964) c:\windows\system32\nvappfilter.dll c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll . Voltooingstijd: 2008-11-23 16:29:51 ComboFix-quarantined-files.txt 2008-11-23 15:29:49 ComboFix2.txt 2008-11-23 13:19:46 Pre-Run: 2.736.738.304 bytes beschikbaar Post-Run: 2,767,720,448 bytes beschikbaar 242
  22. It worked. ComboFix 08-11-22.02 - Samuel 2008-11-23 14:15:27.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.717 [GMT 1:00] . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\dllcache\beep.sys c:\windows\system32\eafadbdf6_d.dll c:\windows\system32\umpndreu.dll c:\windows\system32\w32apiw.dll c:\windows\system32\wutcplos.dll c:\windows\system32\xrbdsy.dll c:\windows\system32\xvozzn.dll c:\windows\system32\yhbtrpbt.ini c:\windows\system32\yiqrjxuk.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_TDSSSERV.SYS -------\Legacy_TDSSSERV.SYS (((((((((((((((((((( Bestanden Gemaakt van 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))) . 2008-11-22 19:20 . 2008-11-22 19:20 <DIR> d-------- c:\program files\Lavasoft 2008-11-22 19:20 . 2008-11-22 19:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-22 19:09 . 2008-11-22 19:10 <DIR> d-------- c:\program files\CleanUp! 2008-11-22 18:06 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe 2008-11-22 18:06 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe 2008-11-22 18:06 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe 2008-11-22 18:06 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe 2008-11-22 18:06 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe 2008-11-22 18:06 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe 2008-11-22 18:06 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe 2008-11-22 18:06 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe 2008-11-22 18:06 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe 2008-11-22 18:06 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe 2008-11-22 18:06 .
2008-11-22 18:06 3,934 --a------ c:\windows\system32\tmp.reg 2008-11-22 17:57 . 2008-11-22 17:57 <DIR> d-------- c:\program files\Enigma Software Group 2008-11-22 17:02 . 2008-11-22 17:15 <DIR> d-------- c:\program files\SpyNoMore 2008-11-22 17:02 . 2008-11-22 17:02 <DIR> d-------- c:\program files\Common Files\Download Manager 2008-11-22 17:02 . 2008-11-22 17:02 1,152 --a------ c:\windows\system32\windrv.sys 2008-11-22 15:58 . 2008-11-22 15:58 <DIR> d-------- c:\program files\XoftSpySE 2008-11-22 15:58 . 2008-11-22 15:58 <DIR> d-------- c:\program files\ClamWinPortable 2008-11-21 21:27 . 2008-11-22 17:37 <DIR> d-------- C:\!KillBox 2008-11-21 21:22 . 2008-11-23 14:15 <DIR> d-------- c:\windows\system32\CatRoot2 2008-11-21 18:53 . 2008-11-21 21:00 73,728 --a------ c:\windows\system32\TDSSxfum.dll 2008-11-21 18:53 . 2008-11-21 20:59 31,232 --a------ c:\windows\system32\TDSSrtql.dll 2008-11-21 18:53 . 2008-11-21 20:59 29,696 --a------ c:\windows\system32\TDSShrxr.dll 2008-11-21 18:53 . 2008-11-23 14:07 2,336 --a------ c:\windows\system32\TDSSlxwp.dll 2008-11-21 18:53 . 2008-11-21 20:59 527 --a------ c:\windows\system32\TDSSlrvd.dat 2008-11-21 18:48 . 2008-11-21 18:48 <DIR> d-------- c:\program files\Trend Micro 2008-11-21 18:45 . 2008-11-21 20:59 35,840 --a------ c:\windows\system32\TDSSoiqt.dll 2008-11-21 17:34 . 2008-11-21 17:34 <DIR> d-------- c:\windows\ERUNT 2008-11-20 22:21 . 2008-11-21 16:44 <DIR> d-------- c:\program files\Spyware Terminator 2008-11-20 22:21 . 2008-11-21 21:30 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Spyware Terminator 2008-11-20 22:21 . 2008-11-21 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator 2008-11-20 22:21 . 2008-11-20 22:21 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys 2008-11-20 21:05 . 2008-11-20 21:05 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Sunbelt Software 2008-11-20 21:05 . 
2008-11-20 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sunbelt Software 2008-11-20 21:05 . 2008-11-20 21:05 0 --a------ c:\windows\system32\SBRC.dat 2008-11-20 21:05 . 2008-11-20 21:05 0 --a------ c:\windows\system32\SBFC.dat 2008-11-20 21:04 . 2008-11-20 21:04 <DIR> d-------- c:\program files\Sunbelt Software 2008-11-20 20:00 . 2008-11-21 20:59 60,416 --a------ c:\windows\system32\drivers\TDSSmqlt.sys 2008-11-15 21:48 . 2008-11-23 14:12 <DIR> dr-h----- c:\documents and settings\Samuel\Onlangs geopend 2008-11-15 14:16 . 2008-11-15 19:08 <DIR> d-------- c:\program files\Album Cover Art Downloader 2008-11-15 14:16 . 2008-11-15 14:37 <DIR> d-------- c:\documents and settings\Samuel\Application Data\albumart 2008-11-14 19:57 . 2008-11-14 19:57 <DIR> d-------- c:\program files\CopyRightLeft 2008-11-12 14:21 . 2008-11-12 16:08 <DIR> d-------- c:\program files\IObit 2008-11-11 18:38 . 2008-11-11 18:38 <DIR> d-------- c:\program files\Mp3tag 2008-11-11 18:38 . 2008-11-11 18:38 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Mp3tag 2008-11-11 15:42 . 2008-11-15 15:36 <DIR> d-------- c:\program files\MP3Gain 2008-11-11 14:28 . 2008-11-11 14:28 <DIR> d-------- c:\program files\Google 2008-11-11 14:26 . 2008-11-11 14:26 <DIR> d-------- c:\windows\system32\URTTemp 2008-11-10 21:52 . 2008-11-10 21:58 <DIR> d-------- c:\documents and settings\Samuel\Application Data\gtk-2.0 2008-11-10 21:52 . 2008-11-10 21:52 <DIR> d-------- c:\documents and settings\Samuel\.thumbnails 2008-11-10 21:15 . 2008-11-10 21:15 <DIR> d-------- c:\program files\DivX 2008-11-10 16:06 . 2008-11-11 11:46 <DIR> d-------- c:\program files\TagRename 2008-11-09 20:05 . 2008-11-11 12:07 <DIR> d-------- c:\documents and settings\Samuel\.gimp-2.6 2008-11-09 20:05 . 2008-11-09 20:05 <DIR> d-------- c:\documents and settings\Samuel\.gegl-0.0 2008-11-09 20:03 . 2008-11-09 20:03 <DIR> d-------- c:\program files\Gimp-2.0 2008-11-09 19:13 . 
2008-11-09 19:13 <DIR> d-------- c:\program files\Symantec 2008-11-09 16:54 . 2008-11-09 16:54 <DIR> d-------- c:\program files\Nattyware 2008-11-09 15:13 . 2008-11-09 15:13 40,960 --a------ c:\windows\system32\kmqclfdc.dll 2008-11-08 15:09 . 2008-11-08 15:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\PowerChallenge 2008-11-08 15:03 . 2008-11-08 15:03 40,960 --a------ c:\windows\system32\ttunjouh.dll 2008-11-03 19:03 . 2008-11-09 21:42 <DIR> d-------- c:\program files\CoreFTP 2008-11-03 19:03 . 2008-11-18 21:07 <DIR> d-------- c:\documents and settings\Samuel\Application Data\CoreFTP 2008-11-01 14:58 . 2008-11-01 15:02 <DIR> d-------- c:\windows\system32\Adobe 2008-10-28 19:15 . 2008-10-28 19:15 <DIR> d-------- c:\documents and settings\Samuel\Application Data\JGsoft . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-22 18:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-22 16:36 --------- d-----w c:\documents and settings\Samuel\Application Data\uTorrent 2008-11-22 10:26 --------- d-----w c:\documents and settings\Samuel\Application Data\Creative 2008-11-11 13:29 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-10 17:52 --------- d-----w c:\program files\Common Files\Real 2008-11-09 20:42 --------- d-----w c:\program files\Eraser 2008-11-09 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet 2008-11-08 15:03 --------- d-----w c:\program files\MessengerDiscovery 2008-11-01 13:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-10-27 21:24 --------- d-----w c:\program files\Common Files\Adobe 2008-10-19 14:20 --------- d-----w c:\documents and settings\Samuel\Application Data\FileZilla 2008-10-17 18:20 --------- d-----w c:\documents and settings\Samuel\Application Data\SmartFTP 2008-10-17 15:41 --------- d-----w c:\program files\Avant 
Browser 2008-10-14 15:32 --------- d--h--w c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646} 2008-10-09 15:29 --------- d-----w c:\program files\RegSupreme Pro 2008-10-07 17:57 --------- d-----w c:\program files\Prisma 2008-10-07 14:17 --------- d-----w c:\program files\DAEMON Tools Lite 2008-10-06 11:55 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-06 11:47 --------- d-----w c:\program files\DAEMON Tools Toolbar 2008-10-06 11:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-10-06 11:45 --------- d-----w c:\documents and settings\Samuel\Application Data\DAEMON Tools 2008-10-04 18:46 --------- d-----w c:\program files\TuneUp Utilities 2008 2008-10-04 18:46 --------- d-----w c:\documents and settings\Samuel\Application Data\TuneUp Software 2008-10-04 18:46 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software 2008-10-04 14:27 --------- d-----w c:\program files\NKProds 2008-10-04 14:27 --------- d-----w c:\documents and settings\Samuel\Application Data\nCleaner 2008-09-29 19:36 --------- d-----w c:\program files\Creative 2008-09-29 19:35 --------- d--h--w c:\program files\Creative Installation Information 2008-09-29 19:35 --------- d-----w c:\program files\Common Files\Creative 2008-09-29 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\Creative 2008-09-23 19:19 --------- d-----w c:\documents and settings\Samuel\Application Data\Media Player Classic 2008-09-23 18:58 --------- d-----w c:\program files\Graphmatica 2008-08-30 11:17 606,848 ----a-w c:\windows\flashax.exe 2008-08-30 11:17 12,288 ----a-w c:\windows\impborl.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-23 916240] "Systweak Wallpaper Changer"="c:\program files\Advanced System Optimizer\wallpaper.exe" [2007-06-22 151280] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-13 2356088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-13 86016] "Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "Adobe Reader Speed 
Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SBCSTray"="c:\program files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 698864] "SNM"="c:\program files\SpyNoMore\SNM.exe" [2008-11-22 1058816] "SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256] "nwiz"="nwiz.exe" [2006-02-13 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] c:\documents and settings\Samuel\Menu Start\Programma's\Opstarten\ Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-09-01 260096] OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact] 2008-04-16 13:24 165368 c:\windows\system32\RegCompact.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program 
Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-08-31 43816] R2 fsssvc;Windows Live OneCare Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 523816] R2 UxTuneUp;TuneUp Thema-uitbreiding;c:\windows\System32\svchost.exe -k netsvcs [2008-04-15 14336] R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-08-30 16269] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-04 355584] S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice [2008-10-18 24635] S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - MCHINJDRV . Inhoud van de 'Gedeelde Taken' map 2008-11-23 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09] 2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Bijkomende Scan ------- . 
FireFox -: Profile - c:\documents and settings\Samuel\Application Data\Mozilla\Firefox\Profiles\wy0h43wd.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.be FF -: plugin - c:\documents and settings\Samuel\Application Data\Mozilla\Firefox\Profiles\wy0h43wd.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-23 14:17:48 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(908) c:\windows\system32\RegCompact.dll c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll - - - - - - - > 'lsass.exe'(964) c:\windows\system32\nvappfilter.dll c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\ATKKBService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\program files\Sunbelt Software\CounterSpy\SBCSSvc.exe c:\program files\Spyware Terminator\sp_rsser.exe c:\windows\system32\wdfmgr.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\iPod\bin\iPodService.exe c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe . ************************************************************************** . 
Voltooingstijd: 2008-11-23 14:19:44 - machine werd herstart ComboFix-quarantined-files.txt 2008-11-23 13:19:40 Pre-Run: 2,771,767,296 bytes beschikbaar Post-Run: 2,824,781,824 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer /TUTag=4KGVV1 /Kernel=TUKernel.exe multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /usepmtimer /TUTag=4KGVV1-BAK 273
  23. I looked for something else instead; I hope this is of some use to you. SmitFraudFix v2.376 Scan done at 18:06:44,32, za 22/11/2008 Run from C:\Documents and Settings\Samuel\Mijn documenten\Folder OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT The filesystem type is Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Windows Live\Family Safety\fssui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\DAEMON Tools 
Lite\daemon.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files\Advanced System Optimizer\wallpaper.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Adobe Media Player\Adobe Media Player.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Avant Browser\avant.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Samuel »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Samuel\LOCALS~1\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Samuel\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Samuel\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Mijn huidige introductiepagina" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! 
IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK C:\WINDOWS\system32\drivers\beep.sys infected ! »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: ASUS USB Wireless Network Adapter - Pakketplanner-minipoort DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{80BC753B-C343-4364-81AB-203A5AB04094}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{80BC753B-C343-4364-81AB-203A5AB04094}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{80BC753B-C343-4364-81AB-203A5AB04094}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
  24. I can't download ComboFix, so I downloaded it on another computer and tried to start it, but that didn't work either. Besides SDFix I have also used AFT Cleaner. I hope this problem can be solved.