Frederik57

kape, het lijkt gelukt te zijn bedankt voor je hulp ik zal een donatie maken en succes met de site!!

kape, ik heb nogmaals opgestart hij geeft de melding niet meer aan, dus ik neem aan dat de exercitie succes heeft gehad? melding: de aanduiding uit mijn herstelpunten moet ik daar nog iets mee doen?

Kape, onderstaand logbestand: ComboFix 12-08-17.03 - Eigenaar 18-08-2012 14:14:32.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1918.938 [GMT 2:00] Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393} AV: PC Tools AntiVirus 6.1.0.25 *Disabled/Updated* {832E7172-E406-4bb2-8B19-6D29F2C93A98} FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802} FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . ADS - system32: deleted 142 bytes in 1 streams. . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Eigenaar\Application Data\AD ON Multimedia c:\documents and settings\Eigenaar\Application Data\init.dll c:\documents and settings\Eigenaar\Application Data\inst.exe c:\documents and settings\Eigenaar\Application Data\PriceGong c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\1.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\a.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\b.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\c.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\d.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\e.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\f.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\g.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\h.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\i.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\J.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\k.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\l.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\m.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\n.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\o.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\p.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\q.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\r.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\s.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\t.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\u.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\v.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\w.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\x.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\y.xml c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\z.xml c:\documents and settings\Eigenaar\Application Data\sound.dll c:\documents and settings\Eigenaar\Application Data\tigersetting.dll c:\documents and settings\Eigenaar\Application Data\vso_ts_preview.xml c:\windows\IsUn0413.exe c:\windows\iun6002.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system32\sqlite3.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_RKHIT -------\Service_RkHit . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))) . . 2012-08-18 11:58 . 2012-08-18 11:58 -------- d-----w- c:\windows\LastGood.Tmp 2012-08-16 20:45 . 2012-08-18 11:37 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend 2012-08-16 20:34 . 2011-03-10 16:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2012-08-16 20:18 . 2012-08-16 20:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TightVNC 2012-08-16 12:57 . 2012-08-16 12:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC 2012-08-16 12:57 . 2012-08-16 12:57 -------- d-----w- c:\program files\Common Files\Comodo 2012-08-15 18:54 . 2012-07-30 13:53 112096 ----a-w- c:\windows\system32\acaptuser32.dll 2012-08-09 20:58 . 2012-08-09 20:58 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\dvdcss 2012-08-08 18:35 . 2012-08-08 18:35 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Spotnet 2012-08-08 18:17 . 2012-08-09 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spotnet 2012-08-08 18:17 . 2012-08-08 18:17 -------- d-----w- c:\program files\Spotnet 2012-08-06 15:59 . 2012-08-06 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI 2012-08-05 07:14 . 2012-08-05 07:14 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-05 06:54 . 2012-08-05 06:54 20 ----a-w- c:\windows\system32\apply.bat 2012-08-05 06:54 . 2012-08-05 06:54 1648 ----a-w- c:\windows\system32\apply.reg 2012-08-05 06:42 . 2012-08-05 06:54 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\NPE 2012-08-05 06:42 . 2012-08-05 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2012-08-05 06:26 . 2012-08-05 06:26 -------- d-----w- c:\windows\system32\wbem\Repository 2012-08-04 19:35 . 2012-08-05 06:25 -------- d-----w- c:\program files\PC Tools Security 2012-08-04 19:33 . 2012-08-05 06:25 -------- d-----w- c:\program files\SpyDig 2012-08-04 19:28 . 2012-08-04 19:35 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\GetRightToGo 2012-08-04 19:20 . 2012-08-05 06:25 -------- d-----w- c:\program files\UnHackMe 2012-08-04 18:53 . 2012-08-04 19:01 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\panda2_0dn 2012-08-04 18:46 . 2012-08-10 14:08 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\pandasecuritytb 2012-08-04 18:42 . 2012-08-04 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA 2012-08-04 18:30 . 2012-08-04 18:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2012-08-04 17:20 . 2012-08-04 17:20 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2012-08-04 17:19 . 2012-08-04 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2012-08-04 16:23 . 2012-08-04 16:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-04 16:23 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-04 12:17 . 2012-08-04 12:17 -------- d-----r- c:\documents and settings\NetworkService\Favorieten 2012-08-04 12:01 . 2010-02-09 14:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll 2012-08-04 12:01 . 2010-02-09 14:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll 2012-08-04 08:39 . 2012-08-04 08:39 0 ----a-w- c:\windows\ativpsrm.bin 2012-08-04 08:33 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe 2012-08-04 08:31 . 2012-08-04 08:31 -------- d-----w- C:\ATI 2012-08-03 08:23 . 2012-08-03 08:23 36112 ----a-w- c:\windows\system32\drivers\CFRMD.sys 2012-07-31 21:04 . 2012-08-04 18:54 -------- d-----w- c:\program files\ALLPlayer 2012-07-21 08:14 . 2012-08-15 18:41 -------- d-----w- c:\program files\Mozilla Maintenance Service . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 12:44 . 2012-04-21 09:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-15 12:44 . 2011-05-15 15:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-15 12:44 . 2012-06-23 09:44 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-08-09 19:13 . 2008-04-15 21:10 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2012-08-09 19:13 . 2008-04-15 21:10 47360 ----a-w- c:\documents and settings\Eigenaar\Application Data\pcouffin.sys 2012-07-13 05:02 . 2012-07-13 05:02 120616 ----a-w- c:\windows\system32\drivers\PSINProt.sys 2012-07-13 05:02 . 2012-07-13 05:02 179112 ----a-w- c:\windows\system32\drivers\PSINKNC.sys 2012-07-13 05:02 . 2012-07-13 05:02 114728 ----a-w- c:\windows\system32\drivers\PSINProc.sys 2012-07-13 05:02 . 2012-07-13 05:02 101544 ----a-w- c:\windows\system32\drivers\PSINFile.sys 2012-07-13 05:02 . 2012-07-13 05:02 149032 ----a-w- c:\windows\system32\drivers\PSINAflt.sys 2012-07-12 09:18 . 2012-07-12 09:18 206632 ----a-w- c:\windows\system32\drivers\NNSStrm.sys 2012-07-07 14:48 . 2008-04-06 10:45 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-07-07 14:48 . 2008-04-06 10:45 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-07-06 13:58 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05 . 2008-04-04 19:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 18:23 . 2006-03-02 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys 2012-07-02 17:38 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:38 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-07-02 17:38 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-06-27 13:51 . 2012-06-27 13:51 92840 ----a-w- c:\windows\system32\drivers\NNStlsc.sys 2012-06-27 13:51 . 2012-06-27 13:51 286376 ----a-w- c:\windows\system32\drivers\NNSProt.sys 2012-06-27 13:51 . 2012-06-27 13:51 153000 ----a-w- c:\windows\system32\drivers\NNSPrv.sys 2012-06-27 13:51 . 2012-06-27 13:51 106536 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys 2012-06-27 13:51 . 2012-06-27 13:51 51496 ----a-w- c:\windows\system32\drivers\NNSpihs.sys 2012-06-27 13:51 . 2012-06-27 13:51 104104 ----a-w- c:\windows\system32\drivers\NNSPop3.sys 2012-06-27 13:51 . 2012-06-27 13:51 93992 ----a-w- c:\windows\system32\drivers\NNSpicc.sys 2012-06-27 13:51 . 2012-06-27 13:51 122664 ----a-w- c:\windows\system32\drivers\NNSIds.sys 2012-06-27 13:51 . 2012-06-27 13:51 82472 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys 2012-06-27 13:51 . 2012-06-27 13:51 120744 ----a-w- c:\windows\system32\drivers\NNSHttp.sys 2012-06-06 06:49 . 2012-06-06 06:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-05 15:49 . 2008-04-14 17:02 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:35 . 2007-07-30 17:18 222448 ----a-w- c:\windows\system32\muweb.dll 2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2008-04-05 07:21 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2008-04-04 19:19 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2008-04-04 19:19 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2008-04-04 19:19 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2008-04-05 07:21 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2008-04-04 19:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2008-04-04 19:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2008-04-05 07:21 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2008-04-05 07:21 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2008-04-04 19:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2008-04-05 07:21 24088 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2008-04-04 19:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:19 . 2008-04-07 15:47 18160 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-06-02 13:18 . 2008-04-07 15:47 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-05-31 13:22 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-08-15 11:50 . 2012-08-15 11:50 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696] . [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] 2012-03-15 21:02 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696] . [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-30 39408] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512] "Panda Security URL Filtering"="c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-07-07 296096] "PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "tvncontrol"="c:\program files\Common Files\Comodo\tvnserver.exe" [2012-01-27 828944] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000] Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe [2012-8-16 49360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-20 15:16 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^eFax 4.4.lnk] backup=c:\windows\pss\eFax 4.4.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALDI_FotoSuite_Download HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2} . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-04-24 03:21 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] 2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4] 2008-10-07 20:25 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-12-12 06:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 17:03 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-11-06 06:25 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-04-30 20:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LastPass\\lastpass.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Panda Security\\Panda Security Toolbar\\dtuser.exe"= "c:\\Program Files\\Common Files\\Comodo\\tvnserver.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9-11-2008 19:33 28544] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7-2-2010 15:13 206256] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [14-7-2012 18:25 14776] R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [3-8-2012 10:23 36112] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11-9-2010 0:40 494968] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11-9-2010 0:40 31704] R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [7-2-2010 15:15 2560] R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [27-6-2012 15:51 82472] R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [27-6-2012 15:51 120744] R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [27-6-2012 15:51 122664] R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [27-6-2012 15:51 93992] R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [27-6-2012 15:51 104104] R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [27-6-2012 15:51 286376] R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [27-6-2012 15:51 153000] R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [27-6-2012 15:51 106536] R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [12-7-2012 11:18 206632] R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [27-6-2012 15:51 92840] R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [13-7-2012 7:02 179112] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3-9-2008 14:07 12880] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [3-9-2008 14:07 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [3-7-2010 11:05 116608] R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [4-1-2012 19:17 490840] R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [16-8-2012 9:14 70352] R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIHInst.exe [13-12-2009 13:03 440616] R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIHSC~1.EXE [13-12-2009 13:03 2324848] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8-8-2010 9:38 12184] R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [13-7-2012 6:57 140064] R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [20-10-2010 18:41 67904] R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [13-7-2012 7:02 149032] R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [13-7-2012 7:02 101544] R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [13-7-2012 7:02 114728] R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [13-7-2012 7:02 120616] R2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [13-7-2012 7:15 36640] R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [27-6-2012 9:25 1326176] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [27-6-2012 9:25 681056] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 14:21 92592] R2 tvnserver;TightVNC Server;c:\program files\Common Files\Comodo\tvnserver.exe [27-1-2012 9:47 828944] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [18-3-2010 11:01 42648] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [18-3-2010 11:01 12184] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [15-4-2008 23:10 47360] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [16-12-2011 16:19 15544] R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [16-8-2012 22:34 46280] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 gupdate1c988812d39443a;Google Update Service (gupdate1c988812d39443a);c:\program files\Google\Update\GoogleUpdate.exe [6-2-2009 19:34 133104] S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?] S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [21-4-2012 11:22 250056] S3 AF9035BDA;ASUS U3100 Mini Plus BDA Devices;c:\windows\system32\drivers\AF9035BDA.sys [26-5-2010 20:02 462952] S3 AR2425;abit AirPace Wi-Fi Wireless Network Adapter Service;c:\windows\system32\drivers\aw5006.sys [29-11-2009 14:22 556832] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6-2-2009 19:34 133104] S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12-6-2011 12:15 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [21-7-2012 10:14 114144] S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [9-9-2011 13:54 38536] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2-3-2006 14:00 14336] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 22:37 4640000] S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [17-11-2009 19:16 16904] S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [6-9-2010 22:16 1069824] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3-9-2008 14:07 12872] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [27-6-2012 15:51 51496] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Inhoud van de 'Gedeelde Taken' map . 2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 12:44] . 2012-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2012-08-18 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-01-14 18:33] . 2012-08-05 c:\windows\Tasks\GlaryOneClickOptimizer.job - c:\program files\Glary Utilities\oneclickoptimizer.exe [2010-01-14 18:33] . 2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 17:34] . 2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 17:34] . 2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-507921405-1801674531-1003Core.job - c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-29 14:55] . 2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-507921405-1801674531-1003UA.job - c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-29 14:55] . 2012-08-18 c:\windows\Tasks\User_Feed_Synchronization-{865688A4-A229-4966-9BB1-92695161C9FC}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Bijkomende Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://www.google.nl/ig?hl=nl uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{95C18FA5-D96B-4DD2-8249-FF033C194AB5}: NameServer = 192.168.0.1 TCP: Interfaces\{AF6B06B9-B63E-43C3-A4E6-5E8FBEC53F36}: NameServer = 8.26.56.26,156.154.70.22 FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\t6ehw5y2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.nl/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q= FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: browser.xul.error_pages.enabled - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 3000000 FF - user.js: content.maxtextrun - 8191 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 32 FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-proxy - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file) WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file) Notify-WRNotifier - (no file) SafeBoot-20808000.sys SafeBoot-SolutoService AddRemove-Windows CE Services - c:\windows\ISUN0413.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-18 14:35 Windows 5.1.2600 Service Pack 3 NTFS . detected NTDLL code modification: ZwClose . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,fc,a0,38,4f,14,ea,4d,b5,8a,bc,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,fc,a0,38,4f,14,ea,4d,b5,8a,bc,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*] "Licence0"="REMOVED" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1796) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . - - - - - - - > 'lsass.exe'(1852) c:\windows\system32\guard32.dll c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll . - - - - - - - > 'explorer.exe'(5996) c:\windows\system32\guard32.dll c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\panda_url_filtering.dll c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf c:\progra~1\MICROS~2\Office14\1043\GrooveIntlResource.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . - - - - - - - > 'csrss.exe'(1760) c:\windows\system32\cmdcsr.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\COMODO\GeekBuddy\unit_manager.exe c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\program files\Common Files\Nero\Lib\NMIndexingService.exe c:\windows\system32\IoctlSvc.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\System32\StkASv2K.exe c:\program files\COMODO\GeekBuddy\unit.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\RTHDCPL.EXE . ************************************************************************** . Voltooingstijd: 2012-08-18 14:45:26 - machine werd herstart ComboFix-quarantined-files.txt 2012-08-18 12:45 . Pre-Run: 36.191.580.160 bytes beschikbaar Post-Run: 36.424.437.760 bytes beschikbaar . - - End Of File - - 182F0AD3132FAE164A9C18BA08F21AD5

Ik krijg nu ook een melding van comodo firewall: .UnclassifiedMalware@1 j:\system volume information\_restore{f195f99e-2f85-4cd2-bf7e-15cc8a71a0ba}\RP1578\A0369580.exe melding was nog voordat ik met combofix aan de gang ben gegaan

En onderstaand nieuwe logfile: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:25:11, on 18-8-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe C:\Program Files\Common Files\Comodo\launcher_service.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\windows\system32\svchost.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe C:\windows\system32\ctfmon.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\COMODO\GeekBuddy\unit_manager.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\windows\system32\NLSSRV32.EXE C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\windows\system32\IoctlSvc.exe C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe C:\Program Files\Secunia\PSI\PSIA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\windows\system32\svchost.exe C:\windows\System32\StkASv2K.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Common Files\Comodo\tvnserver.exe C:\Program Files\Secunia\PSI\sua.exe C:\windows\RTHDCPL.EXE C:\Program Files\Secunia\PSI\psi.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\MsiExec.exe C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207380042320 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345060732343 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (Emsisoft Web Malware Scan) - http://ax.emsisoft.com/emsisoft_webscan.cab O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) - O17 - HKLM\System\CCS\Services\Tcpip\..\{95C18FA5-D96B-4DD2-8249-FF033C194AB5}: NameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6B06B9-B63E-43C3-A4E6-5E8FBEC53F36}: NameServer = 8.26.56.26,156.154.70.22 O18 - Protocol: schmap-help - (no CLSID) - (no file) O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions Inc. - C:\Program Files\Common Files\Comodo\launcher_service.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE O23 - Service: Google Update Service (gupdate1c988812d39443a) (gupdate1c988812d39443a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\system32\NLSSRV32.EXE O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\windows\system32\IoctlSvc.exe O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\windows\System32\StkASv2K.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\Common Files\Comodo\tvnserver.exe -- End of file - 17840 bytes

Beste kape onderstaande logfile Malwarebytes: Malwarebytes Anti-Malware 1.62.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2012.08.18.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Eigenaar :: FREDVERNES [administrator] 18-8-2012 12:37:31 mbam-log-2012-08-18 (12-37-31).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 195375 Verstreken tijd: 9 minuut/minuten, 30 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)

Onderstaand de gevraagde info: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:36:48, on 18-8-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe C:\Program Files\Common Files\Comodo\launcher_service.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\windows\system32\svchost.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe C:\windows\system32\ctfmon.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\COMODO\GeekBuddy\unit_manager.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\windows\system32\NLSSRV32.EXE C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\windows\system32\IoctlSvc.exe C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe C:\Program Files\Secunia\PSI\PSIA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\windows\system32\svchost.exe C:\windows\System32\StkASv2K.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Common Files\Comodo\tvnserver.exe C:\Program Files\Secunia\PSI\sua.exe C:\windows\RTHDCPL.EXE C:\Program Files\totalcmd\TOTALCMD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Eigenaar\Mijn documenten\Downloads\HijackThis(1).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll O2 - BHO: (no name) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [A746F63C6518158F26FCFDC3D490EC5DB3D51438._service_run] "C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207380042320 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345060732343 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (Emsisoft Web Malware Scan) - http://ax.emsisoft.com/emsisoft_webscan.cab O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) - O17 - HKLM\System\CCS\Services\Tcpip\..\{95C18FA5-D96B-4DD2-8249-FF033C194AB5}: NameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6B06B9-B63E-43C3-A4E6-5E8FBEC53F36}: NameServer = 8.26.56.26,156.154.70.22 O18 - Protocol: schmap-help - (no CLSID) - (no file) O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: acaptuser32.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions Inc. - C:\Program Files\Common Files\Comodo\launcher_service.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE O23 - Service: Google Update Service (gupdate1c988812d39443a) (gupdate1c988812d39443a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\system32\NLSSRV32.EXE O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\windows\system32\IoctlSvc.exe O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\windows\System32\StkASv2K.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\Common Files\Comodo\tvnserver.exe -- End of file - 18363 bytes

Beste forum, Ik krijg een melding bij het opstarten " unit.exe - Toepassingsfout onbekende uitzondering in software, het lijkt dat ik een virus of trojan heb opgelopen, kan iemand mij aangeven wat ik kan doen om dit kwijt te raken? Groet Fred