seane

Member
  • Items

    300
Everything posted by seane

  1. I did that, but the response I get is: 'no search results.'
  2. ComboFix /Uninstall doesn't work; I had already deleted it from my desktop, so that is probably why? I think I was able to apply the rest.
  3. Files deleted! The folders were not hidden, so I didn't have to change anything.
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKUS\S-1-5-21-878373364-221360020-1949420119-1005\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-878373364-221360020-1949420119-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft 
shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Nalpeiron X64 Service (nlscc) - Unknown owner - C:\Windows\system32\nlsInterface.exe (file missing) O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: 
@%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9870 bytes
  6. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:18:11, on 10/06/2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file) O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKUS\S-1-5-21-878373364-221360020-1949420119-1005\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-878373364-221360020-1949420119-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 
'UpdatusUser') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - 
{88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Nalpeiron X64 Service (nlscc) - Unknown owner - C:\Windows\system32\nlsInterface.exe (file missing) O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: 
@%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9899 bytes
  7. Hello, A few months ago I posted on this forum that my PC kept freezing. Thanks to your help I was able to solve it. Now I have the same problem again, and I have no idea why it keeps coming back. I wanted to scan with HijackThis, but I get a message from the program: For some reason your system denied write access to the Hosts file... Can you help me?
  8. OK, thank you very much for your help!! Kind regards, Sean
  9. Yes, this did help quite a bit! May I also remove the ones that say "file missing"?
  10. Malwarebytes' Anti-Malware 1.46 Malwarebytes Database version: 4339 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 22/07/2010 22:31:03 mbam-log-2010-07-22 (22-31-03).txt Scan type: Quick scan Objects scanned: 133089 Time elapsed: 2 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:34:28, on 22/07/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Telenet R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Telenet R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Telenet R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Telenet R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = 
Telenet Internet O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common 
files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{48CFEFEF-E644-4888-8384-0185C004704F}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. 
- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - 
Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9540 bytes
  11. Hello, my PC has been running slower than normal for a while now. Could someone take a quick look at this HJT log? Thanks in advance! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:45:09, on 22/07/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Telenet R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Telenet R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Telenet R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Telenet R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft 
Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - 
http://download.gigabyte.com.tw/object/Dldrv.ocx O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{48CFEFEF-E644-4888-8384-0185C004704F}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. 
- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: 
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9632 bytes
  12. It worked! Everything is running at normal speed again. Thanks for everything!
  13. ComboFix 08-05-15.3 - user 2008-05-18 19:03:18.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.153 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\user\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt * Resident AV is active WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))) . 2008-05-17 10:14 . 2008-05-17 10:14 <DIR> d-------- C:\WING 2008-05-17 10:14 . 1994-08-24 00:00 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL 2008-05-17 10:14 . 1994-09-21 00:00 92,208 --a------ C:\WINDOWS\system\WING.DLL 2008-05-17 10:14 . 1994-09-21 00:00 12,800 --a------ C:\WINDOWS\system32\WING32.DLL 2008-05-17 10:14 . 1994-09-21 00:00 6,736 --a------ C:\WINDOWS\system\WINGDIB.DRV 2008-05-17 10:14 . 1994-09-21 00:00 5,024 --a------ C:\WINDOWS\system\WINGPAL.WND 2008-05-15 18:18 . 2008-05-18 18:13 <DIR> dr-h----- C:\Documents and Settings\user\Onlangs geopend 2008-05-15 18:11 . 2008-05-15 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-05-13 12:13 . 2008-05-15 19:52 <DIR> d-------- C:\Program Files\Panda Security 2008-05-13 09:56 . 2008-05-13 09:56 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes 2008-05-13 09:56 . 2008-05-13 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-10 17:18 . 2008-05-10 17:18 1,099,839 --a------ C:\WINDOWS\system32\TmpA1954125 2008-05-10 16:19 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-10 16:15 . 2008-05-10 16:15 <DIR> d-------- C:\Program Files\Common Files\Java 2008-05-08 16:17 . 2008-05-08 19:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-06 23:47 . 2008-05-17 23:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-06 23:47 . 2008-05-06 23:47 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-06 18:01 . 
2008-05-06 18:01 <DIR> d-------- C:\Documents and Settings\user\Application Data\Pegasys Inc 2008-05-03 19:42 . 2008-05-06 19:31 <DIR> d-------- C:\divx 2008-05-03 19:40 . 2008-05-03 22:17 <DIR> d-------- C:\Documents and Settings\user\Application Data\DivX 2008-05-03 19:35 . 2008-05-06 17:59 <DIR> d-------- C:\Program Files\DivX 2008-05-03 19:35 . 2007-11-30 00:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-18 16:39 --------- d-----w C:\Program Files\Soulseek 2008-05-17 14:54 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent 2008-05-15 16:12 --------- d-----w C:\Program Files\VideoLAN 2008-05-15 12:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-05-15 11:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-15 11:57 --------- d-----w C:\Program Files\SpywareGuard 2008-05-10 15:18 --------- d-----w C:\Program Files\Absolute MP3 Splitter 2008-05-10 15:18 --------- d-----w C:\Program Files\Ableton 2008-05-10 14:19 --------- d-----w C:\Program Files\Java 2008-05-08 17:52 --------- d-----w C:\Program Files\Trend Micro 2008-05-08 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-08 17:41 --------- d-----w C:\Program Files\Webteh 2008-05-08 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer 2008-05-08 14:09 --------- d-----w C:\Program Files\Lavasoft 2008-05-08 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-08 14:03 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-05-08 13:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-03 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-04-23 13:55 --------- d-----w C:\Program Files\Winamp 2008-03-31 21:25 831,488 
----a-w C:\WINDOWS\system32\divx_xx0a.dll 2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-03-21 08:23 --------- d-----w C:\Documents and Settings\user\Application Data\AccurateRip 2008-03-21 08:22 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2008-03-21 08:01 --------- d-----w C:\Program Files\iTunes 2008-03-21 08:01 --------- d-----w C:\Program Files\iPod 2008-03-21 07:59 --------- d-----w C:\Program Files\QuickTime 2008-03-21 07:59 --------- d-----w C:\Program Files\Bonjour 2008-03-21 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-21 07:57 --------- d-----w C:\Program Files\Apple Software Update 2008-03-21 07:56 --------- d-----w C:\Program Files\Common Files\Apple 2008-03-21 07:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-03-21 07:33 --------- d-----w C:\Program Files\Illustrate 2007-09-10 14:42 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008] "nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 20:25 949376] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk] backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Telenet EasyCare.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Telenet EasyCare.lnk backup=C:\WINDOWS\pss\Telenet EasyCare.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk] backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Anapod Manager.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^MagicDisc.lnk] backup=C:\WINDOWS\pss\MagicDisc.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 20:51 39792 C:\Program 
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck] --a------ 2005-03-04 08:20 512000 C:\Program Files\VIAudioi\SBADeck\ADeck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] --a------ 2002-12-10 19:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray] --a------ 2002-12-10 19:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] --a------ 2006-04-21 15:41 438359 C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] --a------ 2006-10-11 12:45 75304 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2007-04-09 14:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool] -ra------ 2005-11-23 04:12 1060864 C:\Program Files\VIA\RAID\raid_tool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-09-28 13:16 185896 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-11-19 13:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\User Enc Proc Curb] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSScheduler] C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "svcWRSSSDK"=2 (0x2) "SDhelper"=3 (0x3) "iPodService"=3 (0x3) "Adobe LM Service"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "aawservice"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Soulseek\\slsk.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader "6112:TCP"= 6112:TCP:Blizzard Downloader S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [] S3 iatmunin;iatmunin;C:\DOCUME~1\user\LOCALS~1\Temp\iatmunin.sys [] S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08] S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11] S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11] S3 k600mgmt;Sony 
Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13] S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15] S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys [] S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30785b76-838d-11dc-9956-003018ffffff}] \Shell\AutoRun\command - J:\AutoTransfer.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-18 19:08:30 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\nview.dll . 
Voltooingstijd: 2008-05-18 19:19:00 ComboFix-quarantined-files.txt 2008-05-18 17:18:19 ComboFix2.txt 2008-05-15 14:05:26 Pre-Run: 4,357,693,440 bytes beschikbaar Post-Run: 4,404,039,680 bytes beschikbaar 221 --- E O F --- 2007-09-01 08:14:51 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:20:26, on 18/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program 
Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 
Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O14 - IERESET.INF: START_PAGE_URL=www.google.be O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159107806500 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing) O23 
- Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 6257 bytes The PC is still very slow, mostly when several programs are running.
  14. I have carried out everything, but I thought I had already posted the Panda scan log? That is the only log I get when the scan is done.
  15. Scan performed at: 17/05/2008 20:01:27 Scanning Log NOD32 version 3106 (20080516) NT Operating memory - is OK Date: 17.5.2008 Time: 20:02:08 Anti-Stealth technology is enabled. Scanned disks, folders and files: C:; D:; H: C:\hiberfil.sys - error opening (File locked) [4] C:\pagefile.sys - error opening (File locked) [4] C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (File locked) [4] C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (File locked) [4] C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\user\NTUSER.DAT - error opening (File locked) [4] C:\Documents and Settings\user\ntuser.dat.LOG - error opening (File locked) [4] C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\parent.lock - error opening (File locked) [4] C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\s_rousseau01@hotmail.com\SharingMetadata\pending.dat - error opening (File locked) [4] C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\s_rousseau01@hotmail.com\SharingMetadata\Working\database_A4BC_2B0C_BC2A_D916\dfsr.db - error opening (File locked) [4] C:\Documents and Settings\user\Local Settings\Application 
Data\Microsoft\Messenger\s_rousseau01@hotmail.com\SharingMetadata\Working\database_A4BC_2B0C_BC2A_D916\fsr.log - error opening (File locked) [4] C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\s_rousseau01@hotmail.com\SharingMetadata\Working\database_A4BC_2B0C_BC2A_D916\fsrtmp.log - error opening (File locked) [4] C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\s_rousseau01@hotmail.com\SharingMetadata\Working\database_A4BC_2B0C_BC2A_D916\tmp.edb - error opening (File locked) [4] C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4] C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4] C:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4] C:\WINDOWS\system32\config\default - error opening (File locked) [4] C:\WINDOWS\system32\config\default.LOG - error opening (File locked) [4] C:\WINDOWS\system32\config\SAM - error opening (File locked) [4] C:\WINDOWS\system32\config\SAM.LOG - error opening (File locked) [4] C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4] C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4] C:\WINDOWS\system32\config\software - error opening (File locked) [4] C:\WINDOWS\system32\config\software.LOG - error opening (File locked) [4] C:\WINDOWS\system32\config\system - error opening (File locked) [4] C:\WINDOWS\system32\config\system.LOG - error opening (File locked) [4] C:\WINDOWS\system32\drivers\sptd.sys - error opening (File locked) [4] D:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4] Number of scanned files: 126438 Number of threats found: 0 Time of completion: 21:11:49 Total scanning time: 4181 sec (01:09:41) Notes: [4] File cannot be opened. 
It may be in use by another application or operating system.
  16. ;*********************************************************************************************************************************************************************************** ANALYSIS: 2008-05-17 16:12:26 PROTECTIONS: 1 MALWARE: 7 SUSPECTS: 0 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== ESET NOD32 antivirus system 2.70 2.70 Yes Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.com.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys 
TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.serving-sys.com/] 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zwknu11d.default\cookies.txt[.bs.serving-sys.com/] 00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@metriweb[1].txt 02377451 Adware/SaveNow Adware No 0 No No C:\Documents and Settings\All Users\Documenten\bsplayer224.954_clip.exe[AdVantageSetup.exe] 02934058 Trj/Sinowal.DW Virus/Trojan No 1 Yes No H:\Music Programs\Adobe Audition\CRACK\KEYGEN.EXE ;=================================================================================================================================================================================== SUSPECTS Sent Location l ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description l ;=================================================================================================================================================================================== 184380 MEDIUM MS08-002 l 184379 MEDIUM MS08-001 l 182048 HIGH MS07-069 l 182046 HIGH MS07-067 l 182043 HIGH MS07-064 l 179553 HIGH MS07-061 l 176382 HIGH MS07-057 l 176383 HIGH 
MS07-058 l ;===================================================================================================================================================================================
  17. Thanks for all the help! But my computer is still slower than before. Programs start up less quickly, and when I play music it stutters. I even notice it when I move my mouse pointer across the screen. Any idea what else I could do?
  18. ComboFix 08-05-09.1 - user 2008-05-15 15:46:00.4 - NTFSx86 Gestart vanuit: C:\Documents and Settings\user\Bureaublad\ComboFix.exe * Resident AV is active WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))) . 2008-05-15 14:57 . 2008-05-15 14:57 <DIR> dr-h----- C:\Documents and Settings\user\Onlangs geopend 2008-05-14 12:20 . 2008-05-15 14:46 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-05-14 12:20 . 2008-05-14 12:20 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-05-14 12:20 . 2008-05-14 12:20 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-05-14 12:19 . 2008-05-14 12:19 <DIR> d-------- C:\Program Files\AVG 2008-05-14 12:18 . 2008-05-14 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-05-13 12:13 . 2008-05-13 12:14 <DIR> d-------- C:\Program Files\Panda Security 2008-05-13 09:56 . 2008-05-13 09:56 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes 2008-05-13 09:56 . 2008-05-13 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-13 09:56 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-13 09:55 . 2008-05-13 09:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-13 09:55 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-10 17:18 . 2008-05-10 17:18 1,099,839 --a------ C:\WINDOWS\system32\TmpA1954125 2008-05-10 16:19 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-10 16:15 . 2008-05-10 16:15 <DIR> d-------- C:\Program Files\Common Files\Java 2008-05-08 16:17 . 2008-05-08 19:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-06 23:47 . 2008-05-11 14:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-06 23:47 . 
2008-05-06 23:47 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-06 18:01 . 2008-05-06 18:01 <DIR> d-------- C:\Documents and Settings\user\Application Data\Pegasys Inc 2008-05-03 19:42 . 2008-05-06 19:31 <DIR> d-------- C:\divx 2008-05-03 19:40 . 2008-05-03 22:17 <DIR> d-------- C:\Documents and Settings\user\Application Data\DivX 2008-05-03 19:35 . 2008-05-06 17:59 <DIR> d-------- C:\Program Files\DivX 2008-05-03 19:35 . 2007-11-30 00:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-15 12:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-05-15 11:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-15 11:57 --------- d-----w C:\Program Files\SpywareGuard 2008-05-12 19:34 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent 2008-05-10 19:00 --------- d-----w C:\Program Files\Soulseek 2008-05-10 15:18 --------- d-----w C:\Program Files\Absolute MP3 Splitter 2008-05-10 15:18 --------- d-----w C:\Program Files\Ableton 2008-05-10 14:19 --------- d-----w C:\Program Files\Java 2008-05-08 17:52 --------- d-----w C:\Program Files\Trend Micro 2008-05-08 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-08 17:41 --------- d-----w C:\Program Files\Webteh 2008-05-08 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer 2008-05-08 14:09 --------- d-----w C:\Program Files\Lavasoft 2008-05-08 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-08 14:03 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-05-08 13:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-03 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-04-23 13:55 --------- d-----w C:\Program Files\Winamp 2008-03-31 
21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll 2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-03-21 08:23 --------- d-----w C:\Documents and Settings\user\Application Data\AccurateRip 2008-03-21 08:22 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2008-03-21 08:01 --------- d-----w C:\Program Files\iTunes 2008-03-21 08:01 --------- d-----w C:\Program Files\iPod 2008-03-21 07:59 --------- d-----w C:\Program Files\QuickTime 2008-03-21 07:59 --------- d-----w C:\Program Files\Bonjour 2008-03-21 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-21 07:57 --------- d-----w C:\Program Files\Apple Software Update 2008-03-21 07:56 --------- d-----w C:\Program Files\Common Files\Apple 2008-03-21 07:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-03-21 07:33 --------- d-----w C:\Program Files\Illustrate 2007-09-10 14:42 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((( snapshot_2008-05-14_15.41.57,76 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-05-14 09:27:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-15 12:39:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008] "nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 20:25 949376] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-14 12:19 1177368] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk] backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Telenet EasyCare.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Telenet EasyCare.lnk backup=C:\WINDOWS\pss\Telenet EasyCare.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk] backup=C:\WINDOWS\pss\Adobe 
Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Anapod Manager.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^MagicDisc.lnk] backup=C:\WINDOWS\pss\MagicDisc.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck] --a------ 2005-03-04 08:20 512000 C:\Program Files\VIAudioi\SBADeck\ADeck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] --a------ 2002-12-10 19:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\LogitechImageStudioTray] --a------ 2002-12-10 19:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] --a------ 2006-04-21 15:41 438359 C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] --a------ 2006-10-11 12:45 75304 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2007-04-09 14:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool] -ra------ 2005-11-23 04:12 1060864 C:\Program Files\VIA\RAID\raid_tool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-09-28 13:16 185896 C:\Program Files\Common Files\Scansoft 
Shared\SSBkgdUpdate\SSBkgdupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-11-19 13:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\User Enc Proc Curb] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSScheduler] C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "svcWRSSSDK"=2 (0x2) "SDhelper"=3 (0x3) "iPodService"=3 (0x3) "Adobe LM Service"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "aawservice"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Soulseek\\slsk.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 
3724:TCP:Blizzard Downloader "6112:TCP"= 6112:TCP:Blizzard Downloader R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-14 12:20] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-14 12:19] S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [] S3 iatmunin;iatmunin;C:\DOCUME~1\user\LOCALS~1\Temp\iatmunin.sys [] S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08] S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11] S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11] S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13] S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15] S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys [] S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30785b76-838d-11dc-9956-003018ffffff}] \Shell\AutoRun\command - J:\AutoTransfer.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-15 15:53:43 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\nview.dll . 
Voltooingstijd: 2008-05-15 16:05:25 ComboFix-quarantined-files.txt 2008-05-15 14:05:01 ComboFix2.txt 2008-05-14 13:44:23 ComboFix3.txt 2008-05-13 10:08:43 ComboFix4.txt 2008-05-10 15:03:12 Pre-Run: 3,467,149,312 bytes beschikbaar Post-Run: 3,459,719,168 bytes beschikbaar 233 --- E O F --- 2007-09-01 08:14:51
  19. Logfile of The Avenger Version 2.0, © by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\WINDOWS\system32\cwqrohjo.exe" not found! Deletion of file "C:\WINDOWS\system32\cwqrohjo.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\njllouns.exe" not found! Deletion of file "C:\WINDOWS\system32\njllouns.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\vagwtevk.exe" not found! Deletion of file "C:\WINDOWS\system32\vagwtevk.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\pcisnklf.dll_old" not found! Deletion of file "C:\WINDOWS\system32\pcisnklf.dll_old" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\rqtdgmyl.dll_old" not found! Deletion of file "C:\WINDOWS\system32\rqtdgmyl.dll_old" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\qdqdnegn.exe" not found! Deletion of file "C:\WINDOWS\system32\qdqdnegn.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\vuigciwk.exe" not found! Deletion of file "C:\WINDOWS\system32\vuigciwk.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\geBroPFY.dll_old" not found! Deletion of file "C:\WINDOWS\system32\geBroPFY.dll_old" failed! 
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\myrwfrjp.exe" not found! Deletion of file "C:\WINDOWS\system32\myrwfrjp.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\nlohvqmn.exe" not found! Deletion of file "C:\WINDOWS\system32\nlohvqmn.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\BMbf19ea25.xml" not found! Deletion of file "C:\WINDOWS\BMbf19ea25.xml" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\muzika.xm" not found! Deletion of file "C:\WINDOWS\system32\muzika.xm" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\cwqrohjo.exe" not found! Deletion of file "C:\WINDOWS\system32\cwqrohjo.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\njllouns.exe" not found! Deletion of file "C:\WINDOWS\system32\njllouns.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\cwqrohjo.exe" not found! Deletion of file "C:\WINDOWS\system32\cwqrohjo.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\cwqrohjo.exe" not found! Deletion of file "C:\WINDOWS\system32\cwqrohjo.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\njllouns.exe" not found! Deletion of file "C:\WINDOWS\system32\njllouns.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\vagwtevk.exe" not found! Deletion of file "C:\WINDOWS\system32\vagwtevk.exe" failed! 
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\pcisnklf.dll_old" not found! Deletion of file "C:\WINDOWS\system32\pcisnklf.dll_old" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\rqtdgmyl.dll_old" not found! Deletion of file "C:\WINDOWS\system32\rqtdgmyl.dll_old" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\qdqdnegn.exe" not found! Deletion of file "C:\WINDOWS\system32\qdqdnegn.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\vuigciwk.exe" not found! Deletion of file "C:\WINDOWS\system32\vuigciwk.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\geBroPFY.dll_old" not found! Deletion of file "C:\WINDOWS\system32\geBroPFY.dll_old" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\myrwfrjp.exe" not found! Deletion of file "C:\WINDOWS\system32\myrwfrjp.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\nlohvqmn.exe" not found! Deletion of file "C:\WINDOWS\system32\nlohvqmn.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\BMbf19ea25.xml" not found! Deletion of file "C:\WINDOWS\BMbf19ea25.xml" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\muzika.xm" not found! Deletion of file "C:\WINDOWS\system32\muzika.xm" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B24A31-527C-4827-A6BA-E79FA17A1B95}" not found! 
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B24A31-527C-4827-A6BA-E79FA17A1B95}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F5E9CA7-A273-4A1A-893A-DB9BE5D94543}" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F5E9CA7-A273-4A1A-893A-DB9BE5D94543}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{271AE199-6A99-4EB7-A112-029271B3F228}" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{271AE199-6A99-4EB7-A112-029271B3F228}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28BD1860-4C41-4F96-AAAC-B2FB8373BB33}" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28BD1860-4C41-4F96-AAAC-B2FB8373BB33}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AFC5FA1-2721-4479-91C8-1B0D09FF4DBD}" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AFC5FA1-2721-4479-91C8-1B0D09FF4DBD}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{348F9E5C-4647-436E-A395-F4BDF4286F56}" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{348F9E5C-4647-436E-A395-F4BDF4286F56}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6029CD72-1BDC-45DB-A78D-F08621140487}" not found! 
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6029CD72-1BDC-45DB-A78D-F08621140487}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81787365-563B-4886-947F-09550D64967C}" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81787365-563B-4886-947F-09550D64967C}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A8B9EC-5375-490E-B1FD-65C77B844FE2}" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A8B9EC-5375-490E-B1FD-65C77B844FE2}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D475293C-D49D-4FE1-ACE7-D14AD1CF97EB}" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D475293C-D49D-4FE1-ACE7-D14AD1CF97EB}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywXRii" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywXRii" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:46:42, on 15/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\AVG\AVG8\avgupd.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun 
Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O14 - IERESET.INF: START_PAGE_URL=www.google.be O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159107806500 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. 
- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 6778 bytes
I have also removed SpywareGuard and Spybot, because they were constantly giving notifications.
  20. ComboFix 08-05-09.1 - user 2008-05-10 16:34:38.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.101 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\user\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt * Resident AV is active WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . ADS - svchost.exe: deleted 68 bytes in 1 streams. (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\pskt.ini C:\WINDOWS\system32\akqjjlby.dll C:\WINDOWS\system32\bchpqkev.ini C:\WINDOWS\system32\eddgoqpx.ini C:\WINDOWS\system32\eddgoqpx.ini2 C:\WINDOWS\system32\efgywfmh.ini C:\WINDOWS\system32\efgywfmh.ini2 C:\WINDOWS\system32\egPrrqru.ini C:\WINDOWS\system32\egPrrqru.ini2 C:\WINDOWS\system32\LorrAJlm.ini C:\WINDOWS\system32\LorrAJlm.ini2 C:\WINDOWS\system32\lymgdtqr.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\sultvprk.dll C:\WINDOWS\system32\urqNgffg.dll C:\WINDOWS\system32\urqrrPge.dll C:\WINDOWS\system32\xbqgqiew.ini C:\WINDOWS\system32\xxywXRii.dll C:\WINDOWS\system32\ybljjqka.ini C:\WINDOWS\system32\YFPorBeg.ini C:\WINDOWS\system32\YFPorBeg.ini2 C:\WINDOWS\system32\yghlcvqp.ini C:\WINDOWS\system32\yoetewxd.ini C:\WINDOWS\system32\yoetewxd.ini2 . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))) . 2008-05-10 16:19 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-10 16:15 . 2008-05-10 16:15 <DIR> d-------- C:\Program Files\Common Files\Java 2008-05-10 13:49 . 2008-05-10 13:49 2,112 --a------ C:\WINDOWS\system32\cwqrohjo.exe 2008-05-10 13:42 . 2008-05-10 13:42 2,112 --a------ C:\WINDOWS\system32\njllouns.exe 2008-05-10 12:43 . 2008-05-10 15:42 <DIR> dr-h----- C:\Documents and Settings\user\Onlangs geopend 2008-05-10 12:14 . 2008-05-10 12:14 2,112 --a------ C:\WINDOWS\system32\vagwtevk.exe 2008-05-10 12:13 . 
2008-05-10 12:13 100,416 --------- C:\WINDOWS\system32\pcisnklf.dll_old 2008-05-10 12:13 . 2008-05-10 12:13 91,712 --------- C:\WINDOWS\system32\rqtdgmyl.dll_old 2008-05-10 10:26 . 2008-05-10 10:26 2,112 --a------ C:\WINDOWS\system32\qdqdnegn.exe 2008-05-10 10:20 . 2008-05-10 10:20 2,112 --a------ C:\WINDOWS\system32\vuigciwk.exe 2008-05-10 10:17 . 2008-05-10 10:17 277,504 --------- C:\WINDOWS\system32\geBroPFY.dll_old 2008-05-09 15:59 . 2008-05-09 15:59 2,112 --a------ C:\WINDOWS\system32\myrwfrjp.exe 2008-05-09 14:26 . 2008-05-09 14:26 2,112 --a------ C:\WINDOWS\system32\nlohvqmn.exe 2008-05-09 14:24 . 2008-05-10 16:25 109,807 --a------ C:\WINDOWS\BMbf19ea25.xml 2008-05-08 18:43 . 2008-05-10 10:52 51,355 --a------ C:\WINDOWS\system32\muzika.xm 2008-05-08 16:17 . 2008-05-08 19:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-06 23:47 . 2008-05-06 23:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-06 23:47 . 2008-05-06 23:47 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-06 18:01 . 2008-05-06 18:01 <DIR> d-------- C:\Documents and Settings\user\Application Data\Pegasys Inc 2008-05-03 19:42 . 2008-05-06 19:31 <DIR> d-------- C:\divx 2008-05-03 19:40 . 2008-05-03 22:17 <DIR> d-------- C:\Documents and Settings\user\Application Data\DivX 2008-05-03 19:35 . 2008-05-06 17:59 <DIR> d-------- C:\Program Files\DivX 2008-05-03 19:35 . 2007-11-30 00:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-10 14:19 --------- d-----w C:\Program Files\Java 2008-05-10 13:54 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent 2008-05-10 12:46 --------- d-----w C:\Program Files\Soulseek 2008-05-10 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-09 14:09 --------- d-----w C:\Program Files\SpywareGuard 2008-05-08 17:52 --------- d-----w C:\Program Files\Trend Micro 2008-05-08 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-08 17:41 --------- d-----w C:\Program Files\Webteh 2008-05-08 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer 2008-05-08 14:09 --------- d-----w C:\Program Files\Lavasoft 2008-05-08 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-08 13:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-03 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-04-23 13:55 --------- d-----w C:\Program Files\Winamp 2008-03-21 08:23 --------- d-----w C:\Documents and Settings\user\Application Data\AccurateRip 2008-03-21 08:01 --------- d-----w C:\Program Files\iTunes 2008-03-21 08:01 --------- d-----w C:\Program Files\iPod 2008-03-21 07:59 --------- d-----w C:\Program Files\QuickTime 2008-03-21 07:59 --------- d-----w C:\Program Files\Bonjour 2008-03-21 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-21 07:57 --------- d-----w C:\Program Files\Apple Software Update 2008-03-21 07:56 --------- d-----w C:\Program Files\Common Files\Apple 2008-03-21 07:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-03-21 07:33 --------- d-----w C:\Program Files\Illustrate 2008-02-27 16:42 691,545 ----a-w C:\WINDOWS\unins000.exe 2007-09-10 14:42 87,608 ----a-w C:\Documents and Settings\user\Application Data\inst.exe 2007-09-10 
14:42 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B24A31-527C-4827-A6BA-E79FA17A1B95}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F5E9CA7-A273-4A1A-893A-DB9BE5D94543}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{271AE199-6A99-4EB7-A112-029271B3F228}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28BD1860-4C41-4F96-AAAC-B2FB8373BB33}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AFC5FA1-2721-4479-91C8-1B0D09FF4DBD}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{348F9E5C-4647-436E-A395-F4BDF4286F56}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6029CD72-1BDC-45DB-A78D-F08621140487}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81787365-563B-4886-947F-09550D64967C}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A8B9EC-5375-490E-B1FD-65C77B844FE2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D475293C-D49D-4FE1-ACE7-D14AD1CF97EB}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008] "nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 20:25 949376] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ] "SunJavaUpdateSched"="C:\Program 
Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "wextract_cleanup0"="C:\WINDOWS\system32\advpack.dll" [2004-08-04 02:03 100864] "Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360] C:\Documents and Settings\user\Menu Start\Programma's\Opstarten\ SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Telenet EasyCare.lnk - C:\Program Files\Telenet EasyCare\bin\matcli.exe [2007-08-31 09:29:50 217088] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywXRii] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk] backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk] backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Anapod Manager.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^MagicDisc.lnk] backup=C:\WINDOWS\pss\MagicDisc.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck] --a------ 2005-03-04 08:20 512000 C:\Program Files\VIAudioi\SBADeck\ADeck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\BitTorrent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] --a------ 2002-12-10 19:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray] --a------ 2002-12-10 19:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] --a------ 2006-04-21 15:41 438359 C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 
155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] --a------ 2006-10-11 12:45 75304 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2007-04-09 14:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool] -ra------ 2005-11-23 04:12 1060864 C:\Program Files\VIA\RAID\raid_tool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-09-28 13:16 185896 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-11-19 13:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\User Enc Proc Curb] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2006-04-03 18:12 777424 C:\Program Files\Windows 
Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSScheduler] C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "svcWRSSSDK"=2 (0x2) "SDhelper"=3 (0x3) "iPodService"=3 (0x3) "Adobe LM Service"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "aawservice"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Soulseek\\slsk.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader "6112:TCP"= 6112:TCP:Blizzard Downloader S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [] S3 iatmunin;iatmunin;C:\DOCUME~1\user\LOCALS~1\Temp\iatmunin.sys [] S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08] S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11] S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11] S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13] S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15] S3 
MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys [] S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30785b76-838d-11dc-9956-003018ffffff}] \Shell\AutoRun\command - J:\AutoTransfer.exe . Inhoud van de 'Gedeelde Taken' map "2008-05-09 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2008-05-08 16:45:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-05-10 15:00:00 C:\WINDOWS\Tasks\B13FDACA90A44C1A.job" - c:\docume~1\user\applic~1\bagsse~1\dentcampmpeg.exe "2008-05-09 15:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2008-05-10 00:12:09 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-10 16:48:15 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\nview.dll . ------------------------ Other Running Processes ------------------------ . 
C:\Program Files\Sygate\SPF\Smc.exe C:\Program Files\ESET\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Telenet EasyCare\bin\mpbtn.exe C:\Program Files\SpywareGuard\sgbhp.exe . ************************************************************************** . Voltooingstijd: 2008-05-10 17:03:11 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-10 15:02:56 Pre-Run: 3,653,853,184 bytes beschikbaar Post-Run: 3,558,514,688 bytes beschikbaar 275 --- E O F --- 2007-09-01 08:14:51 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:33:52, on 15/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKLM\..\RunOnce: [wextract_cleanup0] 
rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - 
Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=www.google.be O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159107806500 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: xxywXRii - C:\WINDOWS\ O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. 
- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 7913 bytes
My PC is still extremely slow. I really wouldn't know what the problem is; I did not schedule those tasks myself either.
  21. Here is my ComboFix log: ComboFix 08-05-09.1 - user 2008-05-10 16:34:38.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.101 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\user\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt * Resident AV is active WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . ADS - svchost.exe: deleted 68 bytes in 1 streams. (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\pskt.ini C:\WINDOWS\system32\akqjjlby.dll C:\WINDOWS\system32\bchpqkev.ini C:\WINDOWS\system32\eddgoqpx.ini C:\WINDOWS\system32\eddgoqpx.ini2 C:\WINDOWS\system32\efgywfmh.ini C:\WINDOWS\system32\efgywfmh.ini2 C:\WINDOWS\system32\egPrrqru.ini C:\WINDOWS\system32\egPrrqru.ini2 C:\WINDOWS\system32\LorrAJlm.ini C:\WINDOWS\system32\LorrAJlm.ini2 C:\WINDOWS\system32\lymgdtqr.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\sultvprk.dll C:\WINDOWS\system32\urqNgffg.dll C:\WINDOWS\system32\urqrrPge.dll C:\WINDOWS\system32\xbqgqiew.ini C:\WINDOWS\system32\xxywXRii.dll C:\WINDOWS\system32\ybljjqka.ini C:\WINDOWS\system32\YFPorBeg.ini C:\WINDOWS\system32\YFPorBeg.ini2 C:\WINDOWS\system32\yghlcvqp.ini C:\WINDOWS\system32\yoetewxd.ini C:\WINDOWS\system32\yoetewxd.ini2 . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))) . 2008-05-10 16:19 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-10 16:15 . 2008-05-10 16:15 <DIR> d-------- C:\Program Files\Common Files\Java 2008-05-10 13:49 . 2008-05-10 13:49 2,112 --a------ C:\WINDOWS\system32\cwqrohjo.exe 2008-05-10 13:42 . 2008-05-10 13:42 2,112 --a------ C:\WINDOWS\system32\njllouns.exe 2008-05-10 12:43 . 2008-05-10 15:42 <DIR> dr-h----- C:\Documents and Settings\user\Onlangs geopend 2008-05-10 12:14 . 2008-05-10 12:14 2,112 --a------ C:\WINDOWS\system32\vagwtevk.exe 2008-05-10 12:13 . 
2008-05-10 12:13 100,416 --------- C:\WINDOWS\system32\pcisnklf.dll_old 2008-05-10 12:13 . 2008-05-10 12:13 91,712 --------- C:\WINDOWS\system32\rqtdgmyl.dll_old 2008-05-10 10:26 . 2008-05-10 10:26 2,112 --a------ C:\WINDOWS\system32\qdqdnegn.exe 2008-05-10 10:20 . 2008-05-10 10:20 2,112 --a------ C:\WINDOWS\system32\vuigciwk.exe 2008-05-10 10:17 . 2008-05-10 10:17 277,504 --------- C:\WINDOWS\system32\geBroPFY.dll_old 2008-05-09 15:59 . 2008-05-09 15:59 2,112 --a------ C:\WINDOWS\system32\myrwfrjp.exe 2008-05-09 14:26 . 2008-05-09 14:26 2,112 --a------ C:\WINDOWS\system32\nlohvqmn.exe 2008-05-09 14:24 . 2008-05-10 16:25 109,807 --a------ C:\WINDOWS\BMbf19ea25.xml 2008-05-08 18:43 . 2008-05-10 10:52 51,355 --a------ C:\WINDOWS\system32\muzika.xm 2008-05-08 16:17 . 2008-05-08 19:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-06 23:47 . 2008-05-06 23:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-06 23:47 . 2008-05-06 23:47 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-06 18:01 . 2008-05-06 18:01 <DIR> d-------- C:\Documents and Settings\user\Application Data\Pegasys Inc 2008-05-03 19:42 . 2008-05-06 19:31 <DIR> d-------- C:\divx 2008-05-03 19:40 . 2008-05-03 22:17 <DIR> d-------- C:\Documents and Settings\user\Application Data\DivX 2008-05-03 19:35 . 2008-05-06 17:59 <DIR> d-------- C:\Program Files\DivX 2008-05-03 19:35 . 2007-11-30 00:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-10 14:19 --------- d-----w C:\Program Files\Java 2008-05-10 13:54 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent 2008-05-10 12:46 --------- d-----w C:\Program Files\Soulseek 2008-05-10 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-09 14:09 --------- d-----w C:\Program Files\SpywareGuard 2008-05-08 17:52 --------- d-----w C:\Program Files\Trend Micro 2008-05-08 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-08 17:41 --------- d-----w C:\Program Files\Webteh 2008-05-08 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer 2008-05-08 14:09 --------- d-----w C:\Program Files\Lavasoft 2008-05-08 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-08 13:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-03 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-04-23 13:55 --------- d-----w C:\Program Files\Winamp 2008-03-21 08:23 --------- d-----w C:\Documents and Settings\user\Application Data\AccurateRip 2008-03-21 08:01 --------- d-----w C:\Program Files\iTunes 2008-03-21 08:01 --------- d-----w C:\Program Files\iPod 2008-03-21 07:59 --------- d-----w C:\Program Files\QuickTime 2008-03-21 07:59 --------- d-----w C:\Program Files\Bonjour 2008-03-21 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-21 07:57 --------- d-----w C:\Program Files\Apple Software Update 2008-03-21 07:56 --------- d-----w C:\Program Files\Common Files\Apple 2008-03-21 07:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-03-21 07:33 --------- d-----w C:\Program Files\Illustrate 2008-02-27 16:42 691,545 ----a-w C:\WINDOWS\unins000.exe 2007-09-10 14:42 87,608 ----a-w C:\Documents and Settings\user\Application Data\inst.exe 2007-09-10 
14:42 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B24A31-527C-4827-A6BA-E79FA17A1B95}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F5E9CA7-A273-4A1A-893A-DB9BE5D94543}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{271AE199-6A99-4EB7-A112-029271B3F228}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28BD1860-4C41-4F96-AAAC-B2FB8373BB33}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AFC5FA1-2721-4479-91C8-1B0D09FF4DBD}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{348F9E5C-4647-436E-A395-F4BDF4286F56}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6029CD72-1BDC-45DB-A78D-F08621140487}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81787365-563B-4886-947F-09550D64967C}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A8B9EC-5375-490E-B1FD-65C77B844FE2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D475293C-D49D-4FE1-ACE7-D14AD1CF97EB}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008] "nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-30 20:25 949376] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ] "SunJavaUpdateSched"="C:\Program 
Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "wextract_cleanup0"="C:\WINDOWS\system32\advpack.dll" [2004-08-04 02:03 100864] "Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360] C:\Documents and Settings\user\Menu Start\Programma's\Opstarten\ SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Telenet EasyCare.lnk - C:\Program Files\Telenet EasyCare\bin\matcli.exe [2007-08-31 09:29:50 217088] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywXRii] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk] backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk] backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^Anapod Manager.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^MagicDisc.lnk] backup=C:\WINDOWS\pss\MagicDisc.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck] --a------ 2005-03-04 08:20 512000 C:\Program Files\VIAudioi\SBADeck\ADeck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\BitTorrent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] --a------ 2002-12-10 19:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray] --a------ 2002-12-10 19:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] --a------ 2006-04-21 15:41 438359 C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 
155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] --a------ 2006-10-11 12:45 75304 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2007-04-09 14:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool] -ra------ 2005-11-23 04:12 1060864 C:\Program Files\VIA\RAID\raid_tool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-09-28 13:16 185896 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-11-19 13:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\User Enc Proc Curb] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2006-04-03 18:12 777424 C:\Program Files\Windows 
Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSScheduler] C:\Program Files\FBM Software\ZeroSpyware\ZSScheduler.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "svcWRSSSDK"=2 (0x2) "SDhelper"=3 (0x3) "iPodService"=3 (0x3) "Adobe LM Service"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "aawservice"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Soulseek\\slsk.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader "6112:TCP"= 6112:TCP:Blizzard Downloader S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [] S3 iatmunin;iatmunin;C:\DOCUME~1\user\LOCALS~1\Temp\iatmunin.sys [] S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08] S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11] S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11] S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13] S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15] S3 
MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys [] S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30785b76-838d-11dc-9956-003018ffffff}] \Shell\AutoRun\command - J:\AutoTransfer.exe . Inhoud van de 'Gedeelde Taken' map "2008-05-09 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2008-05-08 16:45:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-05-10 15:00:00 C:\WINDOWS\Tasks\B13FDACA90A44C1A.job" - c:\docume~1\user\applic~1\bagsse~1\dentcampmpeg.exe "2008-05-09 15:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2008-05-10 00:12:09 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-10 16:48:15 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\nview.dll . ------------------------ Other Running Processes ------------------------ . 
C:\Program Files\Sygate\SPF\Smc.exe C:\Program Files\ESET\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Telenet EasyCare\bin\mpbtn.exe C:\Program Files\SpywareGuard\sgbhp.exe . ************************************************************************** . Voltooingstijd: 2008-05-10 17:03:11 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-10 15:02:56 Pre-Run: 3,653,853,184 bytes beschikbaar Post-Run: 3,558,514,688 bytes beschikbaar 275 --- E O F --- 2007-09-01 08:14:51
There is also another text file included: ComboFix-quarantined-files:
2008-05-08 15:50 43520 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xxywXRii.dll.vir 2008-05-08 16:14 43520 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\urqNgffg.dll.vir 2008-05-09 15:58 1504983 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yghlcvqp.ini.vir 2008-05-09 15:59 1505043 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\efgywfmh.ini2.vir 2008-05-09 16:00 1505043 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\efgywfmh.ini.vir 2008-05-09 20:58 187251 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\LorrAJlm.ini2.vir 2008-05-09 20:59 187251 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\LorrAJlm.ini.vir 2008-05-10 10:25 1504983 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xbqgqiew.ini.vir 2008-05-10 10:28 294 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\eddgoqpx.ini2.vir 2008-05-10 10:29 1505043 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\eddgoqpx.ini.vir 2008-05-10 11:56 187881 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\YFPorBeg.ini2.vir 2008-05-10 11:59 187881 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\YFPorBeg.ini.vir 2008-05-10 12:12 277504 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\urqrrPge.dll.vir 2008-05-10 12:14 1504923 --a------ 
C:\Qoobox\Quarantine\C\WINDOWS\system32\lymgdtqr.ini.vir 2008-05-10 13:42 1504983 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bchpqkev.ini.vir 2008-05-10 13:46 294 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yoetewxd.ini2.vir 2008-05-10 13:49 1505043 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yoetewxd.ini.vir 2008-05-10 16:03 143 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mcrh.tmp.vir 2008-05-10 16:25 100416 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sultvprk.dll.vir 2008-05-10 16:25 91712 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\akqjjlby.dll.vir 2008-05-10 16:26 22 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir 2008-05-10 16:35 1504983 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ybljjqka.ini.vir 2008-05-10 16:35 183371 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\egPrrqru.ini2.vir 2008-05-10 16:35 183599 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\egPrrqru.ini.vir 2008-05-13 11:53 108 --a------ C:\Qoobox\Quarantine\catchme.log
  22. Can someone check whether everything is in order, because I have had problems with a serious virus. Thanks in advance! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:08:11, on 10/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Telenet EasyCare\bin\mpbtn.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\" O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Afdrukvoorbeeld - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Toevoegen aan afdruklijst - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Versneld afdrukken - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=www.google.be O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} 
(MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159107806500 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 7592 bytes