
chrisssy

Member
  • Items

    6
  • Join date

  • Last visited

Everything posted by chrisssy

  1. ComboFix 12-07-14.01 - Administrator 16-07-2012 12:12:51.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2038.1099 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\sqlite3.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_xcpip . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))) . . 2012-07-15 21:49 . 2012-07-16 10:12 -------- d-sh--w- c:\documents and settings\Administrator\Onlangs geopend 2012-07-15 21:17 . 2011-06-11 13:37 42672 ----a-w- c:\windows\system32\wbsys.dll 2012-07-15 21:17 . 2012-07-15 21:17 -------- d-----w- c:\program files\Stardock 2012-07-15 21:11 . 2012-07-15 21:11 -------- d-----w- c:\program files\184917 2012-07-15 21:09 . 2012-07-15 21:10 -------- d-----w- c:\program files\184924 2012-07-15 20:57 . 2012-07-15 21:04 -------- d-----w- c:\program files\iColorFolder 2012-07-15 19:06 . 2012-07-15 19:06 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-07-15 19:06 . 2012-07-15 19:06 -------- d-----w- c:\program files\Trend Micro 2012-07-15 18:41 . 2012-07-15 18:41 -------- d-----w- c:\program files\Microsoft Download Manager 2012-07-15 17:57 . 2012-07-15 18:00 -------- d-----w- c:\windows\I386 2012-07-15 14:41 . 2012-07-15 17:17 -------- d-----w- c:\documents and settings\Christine 2012-07-15 10:33 . 2012-07-15 10:33 -------- d-----w- c:\program files\Mad Scientist Productions 2012-07-15 10:15 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-15 10:15 . 
2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-15 10:15 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-15 10:15 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-07-15 10:15 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-15 10:15 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-07-15 10:15 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-07-15 10:15 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-07-15 10:14 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr 2012-07-15 10:14 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-07-15 10:14 . 2012-07-15 10:14 -------- d-----w- c:\program files\AVAST Software 2012-07-15 10:14 . 2012-07-15 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2012-07-15 00:23 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys 2012-07-15 00:10 . 2012-07-15 00:10 -------- d-----w- c:\windows\system32\wbem\Repository 2012-07-15 00:08 . 2012-07-15 00:08 -------- d-----w- c:\program files\SystemRequirementsLab 2012-07-15 00:07 . 2012-07-15 00:07 -------- d-----w- c:\program files\PowerISO 2012-07-15 00:06 . 2012-07-15 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacks 2012-07-15 00:05 . 2012-07-15 00:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BlueStacks 2012-07-14 23:59 . 2012-07-14 23:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment 2012-07-14 23:59 . 2012-07-15 00:24 -------- d-----w- c:\program files\NirSoft 2012-07-14 23:58 . 2012-07-14 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core 2012-07-14 23:58 . 
2012-07-14 23:58 -------- d-----w- c:\windows\Performance 2012-07-14 23:57 . 2012-07-14 23:57 -------- d-----w- c:\program files\Origin Games 2012-07-14 23:55 . 2012-07-14 23:55 -------- d-----w- c:\windows\SxsCaPendDel 2012-07-14 23:55 . 2012-07-14 23:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thunderbird 2012-07-14 23:55 . 2012-07-14 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2012-07-14 23:55 . 2012-07-14 23:55 -------- d-----w- C:\ProgramData 2012-07-14 23:55 . 2012-07-15 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\PowerISO 2012-07-14 23:54 . 2012-07-14 23:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\uTorrentBar_NL 2012-07-14 23:54 . 2012-07-14 23:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp 2012-07-14 23:54 . 2012-07-15 16:39 -------- d-----w- c:\program files\uTorrent 2012-07-14 19:48 . 2012-07-14 19:50 -------- d-----w- c:\windows\system32\NtmsData 2012-07-14 18:54 . 2012-07-15 00:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook 2012-07-14 17:33 . 2012-07-15 00:06 -------- d-s---w- c:\documents and settings\Test 2012-07-14 17:05 . 2012-07-14 17:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\iPadian 2012-07-14 15:54 . 2012-07-15 00:06 -------- d-----w- c:\program files\RegClean Pro 2012-07-14 15:54 . 2012-07-14 15:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\systweak 2012-07-14 15:53 . 2012-07-15 00:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\ViGlance 2012-07-13 23:20 . 2012-07-15 00:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype 2012-07-13 23:20 . 2012-07-15 00:06 -------- d-----w- c:\program files\Skype 2012-07-13 23:20 . 
2012-07-15 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2012-07-13 15:05 . 2012-07-13 15:05 -------- d-----w- c:\program files\Common Files\Java 2012-07-13 14:57 . 2012-07-13 14:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer 2012-07-13 13:58 . 2012-07-13 13:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun 2012-07-13 13:56 . 2012-07-13 13:56 -------- d-----w- c:\program files\Java 2012-07-12 11:16 . 2012-07-12 11:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\fontconfig 2012-07-12 11:15 . 2012-07-15 00:06 -------- d-----w- c:\documents and settings\Administrator\.gimp-2.8 2012-07-12 11:15 . 2012-07-12 11:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\gegl-0.2 2012-07-12 11:02 . 2012-07-15 00:06 -------- d-----w- c:\program files\GIMP 2 2012-07-12 10:30 . 2012-07-12 10:35 -------- d-----w- c:\documents and settings\Administrator\(2).VirtualBox 2012-07-12 10:28 . 2012-07-13 13:57 -------- d-----w- c:\program files\Oracle 2012-07-11 11:12 . 2012-07-11 11:12 -------- d-----w- c:\program files\MSXML 4.0 2012-07-08 21:33 . 2012-07-08 21:33 -------- d-----w- c:\documents and settings\Administrator\youwave 2012-07-08 21:33 . 2012-07-08 21:33 -------- d-----w- c:\documents and settings\Administrator\.Virtualbox 2012-07-07 22:10 . 2012-07-07 22:10 -------- d-----w- C:\temp 2012-07-07 22:10 . 2012-07-07 22:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SupportSoft 2012-07-06 14:57 . 2012-07-15 00:07 -------- d-----w- c:\program files\NCH Software 2012-07-04 17:15 . 2012-07-04 17:15 1527 ----a-w- C:\user.js 2012-06-29 16:57 . 2012-07-15 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2012-06-29 16:51 . 2012-06-29 16:51 -------- d-----w- C:\MSOCache 2012-06-28 14:44 . 
2012-06-28 14:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\{90140011-0062-0413-0000-0000000FF1CE} 2012-06-28 14:44 . 2012-06-28 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Virtualized Applications 2012-06-28 13:21 . 2012-07-15 00:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SoftGrid Client 2012-06-28 13:21 . 2012-07-14 16:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\SoftGrid Client 2012-06-28 13:18 . 2012-07-15 00:09 -------- d-----w- c:\program files\Microsoft Application Virtualization Client 2012-06-28 13:18 . 2012-06-28 13:18 -------- d-----w- c:\documents and settings\All Users\Microsoft 2012-06-26 20:16 . 2012-06-26 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HD-bord Software 2012-06-25 19:20 . 2012-06-25 19:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group 2012-06-25 19:20 . 2012-06-25 19:20 -------- d-----w- c:\program files\VS Revo Group 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll 2012-06-23 21:46 . 2008-04-13 21:14 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll 2012-06-23 20:52 . 2012-07-15 00:04 -------- d-----w- c:\program files\ViGlance 2012-06-23 15:38 . 2012-06-23 15:38 -------- d-----w- c:\windows\system32\LogFiles 2012-06-23 15:33 . 2012-07-15 00:05 -------- d-----w- c:\program files\BlueStacks 2012-06-23 12:28 . 2012-07-15 00:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc 2012-06-23 12:02 . 2012-06-23 12:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities 2012-06-23 10:54 . 2012-07-14 23:58 -------- d-----w- c:\program files\Unlocker 2012-06-23 10:11 . 
2012-06-23 10:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation 2012-06-23 09:04 . 2012-06-23 09:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Origin 2012-06-23 09:04 . 2012-06-23 09:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Origin 2012-06-23 09:03 . 2012-07-14 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Origin 2012-06-23 09:02 . 2012-07-14 23:58 -------- d-----w- c:\program files\Origin 2012-06-22 22:09 . 2011-08-12 11:51 26488 ----a-w- c:\windows\system32\spupdsvc.exe 2012-06-22 21:58 . 2012-06-22 21:58 -------- d-----w- c:\windows\ie8updates 2012-06-22 21:44 . 2012-06-23 22:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2012-06-22 21:42 . 2012-07-14 23:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thunderbird 2012-06-22 21:36 . 2008-04-14 21:32 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2012-06-22 21:11 . 2012-06-22 21:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\XnView 2012-06-22 21:11 . 2012-07-14 23:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\AIMP 2012-06-22 21:10 . 2012-06-22 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2012-06-22 21:07 . 2012-07-14 23:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\PhotoScape 2012-06-22 20:54 . 2012-07-15 01:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-22 20:54 . 2012-07-15 01:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-22 20:48 . 2008-04-13 20:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2012-06-22 20:48 . 
2008-04-13 20:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2012-06-22 20:20 . 2008-09-05 00:22 447752 ----a-r- c:\windows\system32\vp6vfw.dll 2012-06-22 20:20 . 2012-06-22 20:20 -------- d-----w- c:\program files\Microsoft WSE 2012-06-22 20:14 . 2012-07-15 00:28 -------- d-----w- c:\program files\Electronic Arts 2012-06-22 20:08 . 2011-07-15 13:29 457856 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2012-06-22 19:23 . 2001-09-06 15:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2012-06-22 19:23 . 2001-09-06 15:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys 2012-06-22 19:23 . 2008-04-13 20:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2012-06-22 19:23 . 2008-04-13 20:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2012-06-22 19:13 . 2012-07-14 22:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google 2012-06-22 19:13 . 2012-06-22 19:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CRE 2012-06-22 19:13 . 2012-05-11 14:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2012-06-22 19:13 . 2012-05-11 14:43 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2012-06-22 19:13 . 2012-05-11 14:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2012-06-22 19:13 . 2012-05-11 14:43 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2012-06-22 19:13 . 2012-05-11 14:43 11112960 -c----w- c:\windows\system32\dllcache\ieframe.dll 2012-06-22 19:13 . 2012-05-11 14:43 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-06-22 19:13 . 2012-05-11 14:43 2001408 -c----w- c:\windows\system32\dllcache\iertutil.dll 2012-06-22 19:13 . 2012-05-11 14:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-13 13:55 . 
2010-10-19 10:49 1875200 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:48 . 2010-10-19 10:48 1447936 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:48 . 2010-10-19 10:48 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:35 . 2010-10-19 10:50 222448 ----a-w- c:\windows\system32\muweb.dll 2012-06-04 04:31 . 2010-10-19 10:49 153088 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2010-10-19 10:50 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2012-05-29 22:57 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2012-05-29 22:57 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2012-05-29 22:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2012-05-29 22:57 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2012-05-29 22:57 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2010-10-19 10:50 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2010-10-19 10:50 45080 ----a-w- c:\windows\system32\wups2(2).dll 2012-06-02 13:19 . 2010-10-19 10:48 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2010-10-19 10:50 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2012-05-29 22:57 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2010-10-19 10:50 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2012-05-29 22:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:19 . 2010-10-19 10:50 24088 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2010-10-19 10:50 18160 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-06-02 13:18 . 2010-10-19 10:50 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-05-31 13:19 . 2010-10-19 10:48 603136 ----a-w- c:\windows\system32\crypt32.dll 2012-05-31 04:10 . 2012-05-31 04:10 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys 2012-05-16 15:08 . 
2010-10-19 10:52 920064 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:43 . 2012-05-29 22:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-11 14:43 . 2010-10-19 10:52 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 12:13 . 2010-10-19 10:52 385024 ----a-w- c:\windows\system32\html.iec 2012-05-05 03:14 . 2010-10-19 10:48 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-05 03:14 . 2010-04-28 05:20 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:45 . 2012-05-29 22:54 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-10-19 . FF50B2ABDDAD3C0E43B01E31D4D51026 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-07-15 895376] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-28 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-28 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-28 142360] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-05-31 336992] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_3"="advpack.dll" [2010-10-19 128512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 2011-09-26 13:10 210224 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\wbsys.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders schannel.dll, digest.dll . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . 
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15-7-2012 12:15 721000] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15-7-2012 12:15 353688] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15-7-2012 12:15 21256] R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [10-7-2012 14:17 66952] R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [10-7-2012 14:18 385416] R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [13-7-2009 1:07 21096] R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [13-7-2009 1:07 25448] R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [30-5-2012 2:46 6607744] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22-6-2012 22:54 250056] S3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [10-7-2012 14:17 397704] S3 m0sdg7.sys;m0sdg7.sys;\??\c:\windows\system32\drivers\m0sdg7.sys --> c:\windows\system32\drivers\m0sdg7.sys [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [15-7-2012 2:23 27064] S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . Inhoud van de 'Gedeelde Taken' map . 2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 01:00] . 2012-07-16 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 16:21] . 
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-842925246-1417001333-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-23 21:53] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-842925246-1417001333-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-23 21:53] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe HKCU-Run-ViGlance - c:\program files\ViGlance\ViGlance.exe HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-07-16 12:20 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-448539723-842925246-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,d4,80,44,74,f6,e9,47,b9,5b,4f,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,d4,80,44,74,f6,e9,47,b9,5b,4f,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,d4,80,44,74,f6,e9,47,b9,5b,4f,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1004) c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll . - - - - - - - > 'explorer.exe'(1516) c:\windows\system32\msi.dll c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\webcheck.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\System32\SCardSvr.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\StacSV.exe . ************************************************************************** . Voltooingstijd: 2012-07-16 12:23:01 - machine werd herstart ComboFix-quarantined-files.txt 2012-07-16 10:22 . Pre-Run: 44.230.516.736 bytes beschikbaar Post-Run: 44.529.577.984 bytes beschikbaar . - - End Of File - - FFC008FD414511ADD06FB642E0ABAFF7
  2. it is still behaving very strangely
  3. # AdwCleaner v1.702 - Logfile created 07/15/2012 at 23:48:39 # Updated 13/07/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Administrator - PC # Running from : C:\Documents and Settings\Administrator\Bureaublad\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Babylon Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com Folder Deleted : C:\Documents and Settings\Administrator\Application Data\PriceGong Folder Deleted : C:\Documents and Settings\Administrator\Application Data\QuickStoresToolbar Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer Folder Deleted : C:\Program Files\Conduit File Deleted : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.url File Deleted : C:\Documents and Settings\Administrator\Menu Start\QuickStores.url ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\ConduitSearchScopes Key Deleted : HKCU\Software\PriceGong Key Deleted : HKCU\Software\Smartbar Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Google Chrome v20.0.1132.57 File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences Deleted : "homepage": "hxxp://search.babylon.com/?affID=113480&tt=010712_4&babsrc=HP_ss&mntrId=c0598e370[...] Deleted : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=113480&tt=010712_4&babsrc[...] Deleted : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...] Deleted : "default_title": "uTorrentBar_NL Community Toolbar", Deleted : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...] Deleted : "name": "uTorrentBar_NL", Deleted : "path": "plugins/ConduitChromeApiPlugin.dll", Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT286531[...] Deleted : "homepage": "hxxp://search.babylon.com/?affID=113480&tt=010712_4&babsrc=HP_ss&mntrId=c0598e370000[...] Deleted : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=113480&tt=010712_4&babsrc=HP[...] ************************* AdwCleaner[s1].txt - [349 octets] - [15/07/2012 23:47:35] AdwCleaner[s2].txt - [3620 octets] - [15/07/2012 23:48:39] ########## EOF - C:\AdwCleaner[s2].txt - [3748 octets] ##########
  4. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:07:50, on 15-7-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\UnsignedThemesSvc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Vista Drive Icon\DrvIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\BlueStacks\HD-LogRotatorService.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Download Manager\MSDownloadManager.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - 
     HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
     O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
     O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
     O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
     O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [ViGlance] C:\Program Files\ViGlance\ViGlance.exe
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
     O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1342376324375
     O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab...ri_4.5.1.0.cab
     O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
     O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
     O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
     O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\WINDOWS\UnsignedThemesSvc.exe
     -- End of file - 6664 bytes
  5. Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 21:07:50, on 15-7-2012
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\UnsignedThemesSvc.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
     C:\Program Files\PowerISO\PWRISOVM.EXE
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\Program Files\AVAST Software\Avast\avastUI.exe
     C:\Program Files\Vista Drive Icon\DrvIcon.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\uTorrent\uTorrent.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\BlueStacks\HD-LogRotatorService.exe
     C:\WINDOWS\system32\StacSV.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Microsoft Download Manager\MSDownloadManager.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\system32\msiexec.exe
     C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
     O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
     O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
     O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
     O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [ViGlance] C:\Program Files\ViGlance\ViGlance.exe
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
     O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342376324375
     O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
     O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
     O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
     O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
     O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\WINDOWS\UnsignedThemesSvc.exe
     -- End of file - 6664 bytes
  6. Since yesterday I had a Master Boot Record virus on my computer; this has now been solved using the recovery console. But now I have a small bar at the bottom, that blue Explorer thing, which blinks every 4 seconds. Really very annoying. What could this be and how can I fix it? Regards, Christine.