
myt

Member
  • Posts

    6
  • Joined

  • Last visited

myt's achievements

  1. No, everything appears to be working normally... so should this discussion be marked as "solved" then? Thanks for the help, great site!
  2. I am currently still using my PC as little as possible. Within what I do everything seems normal, but that was already the case before the ComboFix scan, and I think that scan did still find abnormal things the first time. I didn't know you had to go this far to remove that infection, but I would still like to be sure that everything is gone... I was on holiday the last few days, which is why it took a bit longer before I could reply. Once again, many thanks for the effort you all put in!!
  3. The first time I ran ComboFix I couldn't find the log afterwards, so I have just run it again. Here is the ComboFix log. Thanks again!
     ComboFix 12-04-11.01 - Joachim 14/04/2012 14:07:46.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3536.2942 [GMT 2:00] Gestart vanuit: c:\documents and settings\Joachim\Bureaublad\ComboFix.exe AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))) . . 2012-04-10 15:16 . 2012-04-11 18:53 -------- d--h--r- c:\documents and settings\Joachim\Onlangs geopend 2012-04-10 12:47 . 2012-04-10 12:47 -------- d-----w- c:\program files\CCleaner 2012-04-10 11:32 . 2012-04-10 11:32 388096 ----a-r- c:\documents and settings\Joachim\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-04-10 11:32 . 2012-04-10 11:32 -------- d-----w- c:\program files\Trend Micro 2012-04-04 21:46 . 2012-04-05 06:14 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-04 13:56 . 2011-03-03 21:48 22344 ----a-w- c:\winnt\system32\drivers\mbam.sys 2012-02-03 09:57 . 2006-04-24 13:31 1860224 ----a-w- c:\winnt\system32\win32k.sys 2012-01-29 10:38 . 2012-01-29 10:38 18816 ----a-w- c:\winnt\system32\drivers\dvd43llh.sys 2006-06-26 13:31 . 2008-11-25 08:06 4390 -c--a-w- c:\program files\jintegra_regjvm_JavaKwsVM.reg . . ((((((((((((((((((((((((((((( SnapShot@2012-04-11_19.06.46 ))))))))))))))))))))))))))))))))))))))))) . + 2012-04-14 11:47 . 2012-04-14 11:47 16384 c:\winnt\Temp\Perflib_Perfdata_8d4.dat + 2012-04-14 11:47 . 2012-04-14 11:47 16384 c:\winnt\Temp\Perflib_Perfdata_6b0.dat - 2006-04-24 13:30 . 2012-04-11 12:53 85342 c:\winnt\system32\perfc013.dat + 2006-04-24 13:30 . 
2012-04-14 11:51 85342 c:\winnt\system32\perfc013.dat - 2006-04-24 13:30 . 2012-04-11 12:53 67282 c:\winnt\system32\perfc009.dat + 2006-04-24 13:30 . 2012-04-14 11:51 67282 c:\winnt\system32\perfc009.dat + 2006-04-24 13:30 . 2012-04-14 11:51 497804 c:\winnt\system32\perfh013.dat - 2006-04-24 13:30 . 2012-04-11 12:53 497804 c:\winnt\system32\perfh013.dat - 2006-04-24 13:30 . 2012-04-11 12:53 431478 c:\winnt\system32\perfh009.dat + 2006-04-24 13:30 . 2012-04-14 11:51 431478 c:\winnt\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Joachim\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Joachim\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Joachim\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Joachim\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-07 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "AESTFltr"="c:\winnt\system32\AESTFltr.exe" [2008-05-20 466944] "Synchronization Manager"="c:\winnt\system32\mobsync.exe" [2008-04-14 144384] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152] "EPA_EZ_GPO_Tool"="c:\winnt\system32\EZ_GPO_Tool.exe" [2005-01-21 69632] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-03-27 136768] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-22 442467] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2011-10-24 421888] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480] "IgfxTray"="c:\winnt\system32\igfxtray.exe" [2011-03-08 136216] "HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2011-03-08 170008] "Persistence"="c:\winnt\system32\igfxpers.exe" [2011-03-08 145432] "dvd43"="c:\program 
files\dvd43\dvd43_tray.exe" [2009-10-23 827904] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\TmNationsForever\\TmForever.exe"= "c:\\Documents and Settings\\Joachim\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Documents and Settings\\Joachim\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 3\\iw5sp.exe"= "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 3\\iw5mp_server.exe"= "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 3\\iw5mp.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . 
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [31/07/2008 22:41 808296] R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [31/07/2008 22:41 21352] R2 EPA_GPO_PMService;Energy Star EZ GPO Power Management Configuration Tool;c:\winnt\system32\PMService.exe [21/01/2005 16:07 81920] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/03/2011 23:48 654408] R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [25/08/2010 20:07 22816] R2 mfevtp;McAfee Validation Trust Protection Service;c:\winnt\system32\mfevtps.exe [22/10/2010 13:01 69192] R3 AESTAud;AE Audio Service;c:\winnt\system32\drivers\AESTAud.sys [3/09/2008 15:05 108160] R3 cvusbdrv;Broadcom USH CV;c:\winnt\system32\drivers\cvusbdrv.sys [25/11/2008 10:36 32808] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\winnt\system32\drivers\e1y5132.sys [3/09/2008 14:33 244368] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\winnt\system32\drivers\IntcHdmi.sys [6/01/2012 15:16 116224] R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [3/03/2011 23:48 22344] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/01/2011 15:48 136176] S3 camfilt2;camfilt2;c:\winnt\system32\drivers\camfilt2.sys [8/01/2011 16:02 94720] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2/06/2011 11:08 11336] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/01/2011 15:48 136176] S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [22/10/2010 13:01 66536] S3 Revoflt;Revoflt;c:\winnt\system32\drivers\revoflt.sys [19/01/2010 19:56 27064] . 
--- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL *Deregistered* - uphcleanhlp . Inhoud van de 'Gedeelde Taken' map . 2012-03-17 c:\winnt\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2012-03-25 c:\winnt\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-07 06:14] . 2012-04-14 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 13:48] . 2012-04-11 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 13:48] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.standaard.be/index.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} - hxxp://ua.foto.com/ImageUploader6.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-14 14:14 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL" "C040AC1900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL" . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(1828) c:\documents and settings\Joachim\Application Data\Dropbox\bin\DropboxExt.14.dll c:\winnt\system32\webcheck.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll . Voltooingstijd: 2012-04-14 14:15:18 ComboFix-quarantined-files.txt 2012-04-14 12:15 ComboFix2.txt 2012-04-11 19:08 . Pre-Run: 29.221.900.288 bytes beschikbaar Post-Run: 29.218.537.472 bytes beschikbaar . - - End Of File - - 053FD52BB57BE08FCA68D850F46F8F1C
  4. Thanks for the quick reply! New HijackThis log:
     Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:08:04, on 10/04/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe C:\WINNT\Explorer.EXE C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe C:\Program Files\Apoint\Apoint.exe C:\WINNT\system32\AESTFltr.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\igfxpers.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINNT\system32\PMService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINNT\system32\mfevtps.exe C:\WINNT\System32\snmp.exe C:\WINNT\system32\svchost.exe c:\program 
files\Uphclean\uphclean.exe C:\WINNT\system32\CCM\CcmExec.exe C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: ::1 localhost #[iPv6] O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Java Plug-In 2 SSV 
Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINNT\system32\EZ_GPO_Tool.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] 
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231615082718 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231615075093 O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.uzleuven.be/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O20 - AppInit_DLLs: winmm.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe O23 - Service: Energy Star EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINNT\system32\PMService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. 
- C:\WINNT\system32\mfevtps.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 12300 bytes
  5. Hey, thanks in advance for the help! I didn't have much time last week, but now I do again. On my machine the explorer.exe file is in the folder c:\winnt; I found no file twexx32.dll there, so I didn't change anything. I did run the Kaspersky Rescue CD 2 or 3 times. At first I still couldn't do anything after such a scan; after the 2nd or 3rd time I could start Windows again (see log below). After that I updated and ran McAfee and Malwarebytes. McAfee found 2 more infections (see log below); Malwarebytes found nothing more. I then installed HijackThis, see log below. Is it OK now, or are there any further suggestions?
     Kaspersky rescue cd scan: -------------------------- Objects Scan: completed 16 hours ago (events: 19, objects: 377401, time: 08:25:29) 4/5/12 6:14 AM Task completed 4/5/12 6:14 AM Disinfected: Trojan.Win32.Hosts2.gen C:/_OTM/MovedFiles/03062011_193052/C_WINNT/System32/drivers/etc/hosts 4/5/12 6:14 AM Disinfected: Trojan.Win32.Hosts2.gen C:/_OTM/MovedFiles/03062011_193052/C_WINNT/System32/drivers/etc/hosts 4/4/12 10:50 PM Detected: Trojan.Win32.Hosts2.gen C:/_OTM/MovedFiles/03062011_193052/C_WINNT/System32/drivers/etc/hosts 4/4/12 10:48 PM Untreated: Trojan.Win32.Hosts2.gen C:/_OTM/MovedFiles/03062011_193052/C_WINNT/System32/drivers/etc/hosts Postponed 4/4/12 10:48 PM Detected: Trojan.Win32.Hosts2.gen C:/_OTM/MovedFiles/03062011_193052/C_WINNT/System32/drivers/etc/hosts 4/4/12 9:55 PM Untreated: Trojan-Ransom.Win32.Foreign.dhp C:/Documents and Settings/Joachim/Local Settings/Temp/arg279143.exe Postponed 4/4/12 9:55 PM Detected: Trojan-Ransom.Win32.Foreign.dhp C:/Documents and Settings/Joachim/Local Settings/Temp/arg279143.exe 4/4/12 9:54 PM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Joachim/Local Settings/Temp/0.20814534072178137.htm Postponed 4/4/12 9:54 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Joachim/Local Settings/Temp/0.20814534072178137.htm 4/4/12 9:54 PM Untreated: 
HEUR:Trojan.Win32.Generic C:/Documents and Settings/Joachim/Local Settings/Temp/0.13216184327747338.htm Postponed 4/4/12 9:54 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Joachim/Local Settings/Temp/0.13216184327747338.htm 4/4/12 9:54 PM Untreated: Trojan-Spy.Win32.Lurk.vq C:/Documents and Settings/Joachim/Local Settings/Temp/0.12011851835546083.htm Postponed 4/4/12 9:54 PM Detected: Trojan-Spy.Win32.Lurk.vq C:/Documents and Settings/Joachim/Local Settings/Temp/0.12011851835546083.htm 4/4/12 9:54 PM Untreated: Exploit.Java.CVE-2011-3544.ga C:/Documents and Settings/Joachim/Application Data/Sun/Java/Deployment/cache/6.0/6/607811c6-71001744/Wiki.class Postponed 4/4/12 9:54 PM Detected: Exploit.Java.CVE-2011-3544.ga C:/Documents and Settings/Joachim/Application Data/Sun/Java/Deployment/cache/6.0/6/607811c6-71001744/Wiki.class 4/4/12 9:54 PM Untreated: Trojan-Downloader.Win32.Avalod.tf C:/Documents and Settings/Joachim/Application Data/Sun/Java/Deployment/cache/6.0/38/54f24a26-371756c2 Postponed 4/4/12 9:54 PM Detected: Trojan-Downloader.Win32.Avalod.tf C:/Documents and Settings/Joachim/Application Data/Sun/Java/Deployment/cache/6.0/38/54f24a26-371756c2 4/4/12 9:49 PM Task started Objects Scan: completed 2 hours ago (events: 2, objects: 1507, time: 00:02:11) 4/5/12 8:18 PM Task completed 4/5/12 8:16 PM Task started Objects Scan: completed 1 hour ago (events: 2, objects: 375898, time: 00:58:57) 4/5/12 9:21 PM Task completed 4/5/12 8:22 PM Task started <>: not defined: 0 (events: 1, objects: , time: 00:00:00) 4/5/12 9:45 PM Task started Objects Scan: completed <1 minute ago (events: 2, objects: 377417, time: 01:00:51) 4/5/12 10:59 PM Task completed 4/5/12 9:58 PM Task started McAfee scan: ------------- 9/04/2012 20:44:55 Programmabestandsversie = 5400.1158 9/04/2012 20:44:55 Versie AntiVirus-DAT = 6675.0 9/04/2012 20:44:55 Aantal detectiedefinities in EXTRA.DAT = Geen 9/04/2012 20:44:55 Namen van detectiedefinities in EXTRA.DAT = Geen 9/04/2012 
20:44:43 Scan is gestart DELL\Joachim Volledige scan 9/04/2012 20:48:45 Niet gescand (het bestand is gecodeerd) c:\Documents and Settings\All Users\Application Data\TrackMania\Cache\E50C148420641E05E6E6DEA01AEC4B11_Skins%5cVehicles%5cCarCommon%5cAudi_R8_GT3.zip 9/04/2012 20:49:48 Verwijderd Joachim ODS(Volledige scan) c:\Documents and Settings\Joachim\Application Data\Sun\Java\Deployment\cache\6.0\47\718e082f-4e1da9bd\L.class JV/Exploit-Blacole.a (Paard van Troje) 9/04/2012 20:50:41 Verwijderd Joachim ODS(Volledige scan) c:\Documents and Settings\Joachim\Local Settings\Temporary Internet Files\Content.IE5\8QM1KNUS\main[1].htm JS/Exploit-Blacole.q!htm (Paard van Troje) 9/04/2012 20:51:40 Niet gescand (het bestand is gecodeerd) c:\Documents and Settings\Joachim\Mijn documenten\GrabIt Downloads\NIBBBQHPDH1.part01.rar 9/04/2012 20:51:45 Niet gescand (het bestand is gecodeerd) c:\Documents and Settings\Joachim\Mijn documenten\GrabIt Downloads\NIBBBQHPDH1.part84.rar 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Scanoverzicht 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gescande processen : 70 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gedetecteerde processen: 0 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Opgeschoonde processen : 0 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gescande opstartsectoren : 2 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gedetecteerde opstartsectoren: 0 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Opgeschoonde opstartsectoren : 0 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gescande bestanden: 124747 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Bestanden met detecties: 2 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Bestandsdetecties: 2 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Opgeschoonde bestanden: 0 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Verwijderde bestanden: 2 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Niet-gescande bestanden: 26 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Scanoverzicht (Register scannen) 
9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gescande sleutels : 58602 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gedetecteerde sleutels: 0 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Opgeschoonde sleutels: 0 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Verwijderde sleutels : 0 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Scanoverzicht (Cookies scannen) 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gescande cookies : 3903 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gedetecteerde cookies: 0 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Opgeschoonde cookies : 0 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Verwijderde cookies : 0 9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Duur : 2:43:21 9/04/2012 23:28:04 Scan is voltooid DELL\Joachim Volledige scan hijackthis log file: ----------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:04:02, on 10/04/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe C:\WINNT\Explorer.EXE C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe C:\Program Files\Apoint\Apoint.exe C:\WINNT\system32\AESTFltr.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\WINNT\system32\hkcmd.exe C:\WINNT\system32\igfxpers.exe 
C:\Program Files\iTunes\iTunesHelper.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINNT\system32\PMService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINNT\system32\mfevtps.exe C:\WINNT\System32\snmp.exe C:\WINNT\system32\svchost.exe c:\program files\Uphclean\uphclean.exe C:\WINNT\system32\CCM\CcmExec.exe C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe C:\WINNT\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www/proxy_conf.pac R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25488 R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINNT\system32\EZ_GPO_Tool.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common 
Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: 
E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231615082718 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - 
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231615075093 O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.uzleuven.be/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O20 - AppInit_DLLs: winmm.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe O23 - Service: Energy Star EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINNT\system32\PMService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. 
- c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 12855 bytes
  6. Hello, I also have the FCCU virus on my laptop. I have already read a bit about it here on this site, so I would have to install HijackThis. The problem in my case is that my PC will not start in safe mode (not with networking or with the command prompt either). Every time I try, a blue screen appears for a fraction of a second (even before I see the "Windows is loading" screen) showing something that includes the word "viruses", but I cannot read more than that, it goes too fast. After that it restarts and I have to press F8 again to get to the menu with the boot options. I'm afraid I'm in trouble... Does anyone have an idea or advice? Is something possible via F12? With the BIOS and system settings or something? It is a Dell Latitude E4600 with Windows XP. Thanks in advance, myt