Everything posted by casper

  1. The problem is off the table, thanks for the cooperation. Lucky for me that you are so well informed about these things; I am only a layman at it. Regards, Mario
  2. Perfect, the laptop works again as before. From now on I follow the Golden Rule: Stay Out from Program Files (NO Entry). Thanks, people. Regards, Mario
  3. I hereby provide you with the requested information: a logfile + anti-malware log file
  4. Here I am with a log, hopefully it is of some use to you, cheers Mario hijackthisverloren bestanden.txt
  5. CCleaner removed a lot, but my problem remains. The mistake is that a program's folder is gone (stupid of me). I went to the site of iolo system mechanic and wanted to reinstall the program with the download manager, but got no response from the server. Isn't there a program that can recover files even if they have been overwritten by Windows? A tough job, I think. Otherwise I will leave it until my licence runs out. Regards
  6. Back after being away. Hi, I have a small problem with a software program. Well, actually it is my fault, for deleting a folder of a program that I thought I had twice, but I was wrong, because now Windows can NOT remove the uninstall file, which is rather logical since that folder held all the files for System Mechanic, which I bought. So I try to install the software again, but it refuses because it is an old version; my program still runs on Windows. I would like to remove that program because it eats up a lot of CPU. It is also not due to a virus or spyware, everything has been checked; purely a stupid keystroke of mine. NEVER delete files from Program Files. Who can help me? Regards, Mario
  7. Hello, I use Winamp and would like to make a playlist for my mp3 player, but I don't know the instructions.
  8. I have a big problem: my laptop no longer works. Because of a virus the computer shut down, and Windows reports that the program Windows Explorer was closed (DEP). As soon as I close the message the laptop shuts down and everything repeats. I am lucky that I can still get on the internet, but not into my computer. What must I do to be able to work with my laptop again? Stupid mistake of mine, downloading a media player with a keygen (VIRUS). Bitdefender blocked and removed it, but then Windows pulled the plug, or my laptop hangs; I don't know, I am not that knowledgeable. We'll see. Thanks in advance, regards, Mario
  9. Problem solved with musicmatch plus, which is a good media player
  10. Uninstall Windows Media Player 11 and normally you get the previous version back; otherwise uninstall both media players and reinstall Media Player 10
  11. Is there a media player that can effortlessly add file info or auto-tag to music files? I am not satisfied with Mediamonkey and Winamp; they give the wrong info. Regards, Mario
  12. PLEXTOR is a good one; so far not a single problem playing AVI or DIVX files downloaded from the internet
  13. :-) How can I make a backup of my laptop? Normally that goes via the computer, but for me it does not work or is not supported. It is making me a bit desperate; every time I have to transfer my music and files with an external hard drive. There must be a program that takes it over without effort. I have no backup CD of the laptop. Regards, Mario
  14. The program Deskupdate does NOT support my laptop, so I looked for an alternative and had a tool from Siemens named SystemDiagnostics run a full scan, and it found no errors or indispensable drivers. In any case THANKS for the support, my problem is solved
  15. My laptop is from Fujitsu Siemens: model AMILO PI1505
  16. Does anyone know a free program to update my drivers? I had Driver Magican run a scan and it reported many errors on my laptop and asked me to register, but I wanted to come by the forum first. The thing is, my laptop was completely wiped (recover CD) and everything had to be reinstalled from my drivers & utilities CD, but some setups it did not unpack, and so I am missing certain settings or drivers. Can anyone help me with what I can do? :s Regards, Mario
  17. ComboFix 09-01-31.03 - Eigenaar 2009-02-01 19:57:15.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.535 [GMT 1:00] Gestart vanuit: c:\documents and settings\Eigenaar\Mijn documenten\ComboFix.exe gebruikte Opdracht switches :: / u AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) . (((((((((((((((((((( Bestanden Gemaakt van 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))) . 2009-01-31 21:48 . 2005-03-09 19:10 89,088 --a------ c:\windows\system32\atl71.dll 2009-01-31 21:02 . 2009-02-01 17:51 <DIR> dr-h----- c:\documents and settings\Eigenaar\Onlangs geopend 2009-01-31 20:59 . 2009-01-31 20:59 <DIR> d-------- c:\program files\CCleaner 2009-01-31 20:37 . 2009-01-31 20:37 <DIR> d-------- c:\program files\Windows Defender 2009-01-31 20:15 . 2009-01-31 20:15 <DIR> d-------- c:\program files\FormatFactory 2009-01-31 19:44 . 2000-08-31 08:00 29,696 --a------ c:\windows\NIRCMD(2).exe 2009-01-31 19:11 . 2009-01-31 19:46 <DIR> d--hs---- C:\RECYCLER(3) 2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\program files\Common Files\McAfee 2009-01-30 20:30 . 2009-01-31 21:53 <DIR> d-------- c:\program files\McAfee 2009-01-29 22:16 . 2009-01-31 19:41 4 --a------ c:\windows\system32\gaopdxcounter 2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Malwarebytes 2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-23 20:36 . 2009-01-23 20:36 <DIR> d-------- c:\program files\Trend Micro 2009-01-23 19:02 . 2009-01-23 19:02 <DIR> d-------- c:\program files\InCode Solutions 2009-01-17 16:13 . 2009-01-17 16:13 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\GlarySoft 2009-01-17 13:51 . 2009-01-18 19:21 <DIR> d-------- c:\program files\a-squared Anti-Malware 2009-01-16 22:44 . 2009-01-16 23:14 <DIR> d-------- c:\program files\MSECACHE 2009-01-16 21:58 . 
2009-01-16 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools 2009-01-15 21:34 . 2009-01-31 20:31 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\COWON 2009-01-14 20:36 . 2009-01-14 20:36 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-13 20:50 . 2009-01-16 23:01 <DIR> d-------- c:\program files\OpenOffice.org 3 2009-01-13 20:06 . 2009-01-16 23:01 <DIR> d-------- c:\program files\K-Lite Codec Pack 2009-01-11 17:24 . 2009-01-11 17:24 <DIR> d-------- c:\program files\Common Files\Java 2009-01-10 23:07 . 2009-01-10 23:07 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Uniblue 2009-01-10 10:42 . 2009-01-31 19:11 <DIR> d-------- c:\program files\WinAVI Video Converter 2009-01-09 22:31 . 2009-01-09 22:31 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\OpenOffice.org 2009-01-09 22:28 . 2009-01-09 22:28 <DIR> d-------- c:\program files\readmes 2009-01-09 22:28 . 2009-01-09 22:28 <DIR> d-------- c:\program files\licenses 2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\dBpoweramp 2009-01-07 21:53 . 2009-01-11 17:26 <DIR> d-------- c:\program files\AC3Filter . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-01 15:42 --------- d-----w c:\program files\Common Files\BitDefender 2009-02-01 15:09 81,984 -c--a-w c:\windows\system32\bdod.bin 2009-01-31 22:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\uTorrent 2009-01-31 21:14 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-31 21:08 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2009-01-30 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2009-01-23 20:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-17 12:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-16 22:00 --------- d-----w c:\program files\ffdshow 2009-01-14 19:36 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-01-11 16:25 --------- d-----w c:\program files\Creative 2009-01-10 21:51 --------- d-----w c:\program files\Java 2008-12-27 22:53 603,904 ----a-w c:\windows\system32\TUProgSt.exe 2008-12-27 22:53 362,240 ----a-w c:\windows\system32\TuneUpDefragService.exe 2008-12-27 22:52 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2008-12-27 18:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\TuneUp Software 2008-12-27 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software 2008-12-27 17:01 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Smart PC Solutions 2008-12-21 20:34 22,104 ----a-w c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT 2008-12-21 16:12 73,216 ----a-w c:\windows\ST6UNST.EXE 2008-12-21 16:12 249,856 ------w c:\windows\Setup1.exe 2008-12-20 21:48 --------- d-----w c:\program files\DivX 2008-12-19 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-19 10:01 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Pegasys 
Inc 2008-12-18 21:43 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Desktopicon 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-05 21:40 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Any Video Converter 2008-12-05 18:40 --------- d-----w c:\documents and settings\Eigenaar\Application Data\NCH Software 2008-12-05 18:40 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software 2008-12-05 16:00 --------- d-----w c:\documents and settings\Eigenaar\Application Data\NCH Swift Sound 2008-12-05 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound 2008-12-04 21:50 --------- d-----w c:\program files\CDisplay 2008-11-24 20:07 5,068,152 ----a-w c:\windows\system32\SpoonUninstall.exe 2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe 2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-11-21 21:45 823,296 ----a-w c:\windows\system32\divx_xx0c.dll 2008-11-21 21:45 823,296 ----a-w c:\windows\system32\divx_xx07.dll 2008-11-21 21:45 815,104 ----a-w c:\windows\system32\divx_xx0a.dll 2008-11-21 21:45 802,816 ----a-w c:\windows\system32\divx_xx11.dll 2008-11-21 21:45 684,032 ----a-w c:\windows\system32\DivX.dll 2008-11-21 21:45 57,344 ----a-w c:\windows\system32\dpv11.dll 2008-11-21 21:45 53,248 ----a-w c:\windows\system32\dpuGUI10.dll 2008-11-21 21:45 344,064 ----a-w c:\windows\system32\dpus11.dll 2008-11-21 21:45 294,912 ----a-w c:\windows\system32\dpu11.dll 2008-11-21 21:45 294,912 ----a-w c:\windows\system32\dpu10.dll 2008-11-21 21:44 161,096 -c--a-w c:\windows\system32\DivXCodecVersionChecker.exe 2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll 2008-11-12 15:44 27,904 ----a-w c:\windows\system32\uxtuneup.dll 2008-07-29 13:54 47,360 -c--a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys 2008-10-21 18:26 
32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008092920081006\index.dat 2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008102120081022\index.dat . ((((((((((((((((((((((((((((( snapshot@2009-01-30_23.04.42,51 ))))))))))))))))))))))))))))))))))))))))) . - 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE - 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe + 2000-08-31 07:00:00 286,720 ----a-w c:\windows\SWREG.exe - 2009-01-16 20:14:07 130,096 -c--a-w c:\windows\system32\FNTCACHE.DAT + 2009-01-31 10:26:42 130,096 -c--a-w c:\windows\system32\FNTCACHE.DAT - 2003-03-18 19:14:52 499,712 ----a-w c:\windows\system32\msvcp71.dll + 2005-03-09 18:10:10 503,808 ----a-w c:\windows\system32\msvcp71.dll - 2003-02-21 03:42:22 348,160 ----a-w c:\windows\system32\msvcr71.dll + 2005-03-09 18:10:10 348,160 ----a-w c:\windows\system32\msvcr71.dll - 2009-01-16 22:02:43 10,180,008 ----a-w c:\windows\system32\Restore\rstrlog.dat + 2009-01-31 18:47:12 2,218,660 ----a-w c:\windows\system32\Restore\rstrlog.dat + 2009-02-01 15:44:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_264.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-07 160592] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016] "SMSERIAL"="sm56hlpr.exe" [2006-01-20 c:\windows\sm56hlpr.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "vidc.I263"= I263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "86:TCP"= 86:TCP:BroadCam Web Server R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880] R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-30 203280] R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016] R2 
TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-27 603904] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map 2009-02-01 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] 2009-01-16 c:\windows\Tasks\WinASORegistryOptimizerForEigenaar.job - c:\program files\WinASO\Registry Optimizer\RegOpt.exe [] . . ------- Bijkomende Scan ------- . IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Visit in &3D using ExitReality - ExitReality Trusted Zone: cheggit.net Trusted Zone: puretna.com FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\h010fwvn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Van Dale Woordenboek FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\h010fwvn.default\extensions\{b7f907ee-0a1b-43b8-a611-b429a184ad6b}\components\FFAlert.dll 
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 750 FF - user.js: content.notify.interval - 750000 FF - user.js: content.max.tokenizing.time - 2250000 pref(dom.disable_open_during_load, true);. ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-01 19:59:16 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(1420) c:\windows\SYSTEM32\igfxdev.dll . 
Voltooingstijd: 2009-02-01 20:01:44 ComboFix-quarantined-files.txt 2009-02-01 19:01:21 ComboFix2.txt 2009-02-01 15:17:23 ComboFix3.txt 2009-01-30 22:05:50 Pre-Run: 90.597.486.592 bytes beschikbaar Post-Run: 90,584,289,280 bytes beschikbaar 203 --- E O F --- 2009-01-29 19:32:50 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:28:46, on 1/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\o2flash.exe C:\Program Files\Belgacom\bin\sprtsvc.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Belgacom\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN ! 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu 
item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Visit in &3D using ExitReality - ExitReality O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - 
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 6986 bytes
I have attached a ComboFix log and a HijackThis log for further evaluation. That was quite a bitter pill, but we have to get through it, as you said. I did the following: ComboFix via Start > Run, type and OK, but instead of uninstalling, it started up and reported that Bitdefender was active. That cannot be right, because it had been removed from the computer, and with Bitdefender removed the problem with Local Disk was resolved: I could open it again and got no more error message. I switched System Restore off and back on and created a restore point. Wouldn't it be best for me to take a different antivirus program so that I no longer get situations like this one? Because even while Bitdefender is switched off, its real-time protection is still active and blocks every action. In any case, THANK YOU for the time and support with my problem. As a layman I did my best (I think). Regards, Mario
  18. ComboFix 09-01-31.03 - Eigenaar 2009-02-01 16:07:09.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.456 [GMT 1:00] Gestart vanuit: c:\documents and settings\Eigenaar\Mijn documenten\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) * Nieuw herstelpunt werd aangemaakt * Resident AV is active FILE :: c:\windows\system32\ConTest.dll c:\windows\system32\drivers\gaopdxserv.sys c:\windows\system32\SysRestore.dll . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf c:\documents and settings\Eigenaar\Application Data\inst.exe c:\windows\system32\ConTest.dll c:\windows\system32\drivers\gaopdxdotgoyer.sys c:\windows\system32\drivers\gaopdxyoulvypq.sys c:\windows\system32\gaopdxcounter\ c:\windows\system32\regm64.dll c:\windows\system32\SysRestore.dll c:\windows\system32\xcomm.dll . ---- Voorgaande Run ------- . C:\Autorun.inf c:\documents and settings\Eigenaar\Application Data\inst.exe c:\windows\system32\drivers\gaopdxserv.sys c:\windows\system32\regm64.dll c:\windows\system32\xcomm.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Legacy_NPF -------\Service_gaopdxserv.sys (((((((((((((((((((( Bestanden Gemaakt van 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))) . 2009-01-31 21:48 . 2005-03-09 19:10 89,088 --a------ c:\windows\system32\atl71.dll 2009-01-31 21:02 . 2009-02-01 16:01 <DIR> dr-h----- c:\documents and settings\Eigenaar\Onlangs geopend 2009-01-31 20:59 . 2009-01-31 20:59 <DIR> d-------- c:\program files\CCleaner 2009-01-31 20:37 . 2009-01-31 20:37 <DIR> d-------- c:\program files\Windows Defender 2009-01-31 20:15 . 2009-01-31 20:15 <DIR> d-------- c:\program files\FormatFactory 2009-01-31 19:44 . 
2000-08-31 08:00 29,696 --a------ c:\windows\NIRCMD(2).exe 2009-01-31 19:11 . 2009-01-31 19:46 <DIR> d--hs---- C:\RECYCLER(3) 2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\program files\Common Files\McAfee 2009-01-30 20:30 . 2009-01-31 21:53 <DIR> d-------- c:\program files\McAfee 2009-01-29 22:16 . 2009-01-31 19:41 4 --a------ c:\windows\system32\gaopdxcounter 2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Malwarebytes 2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-23 20:36 . 2009-01-23 20:36 <DIR> d-------- c:\program files\Trend Micro 2009-01-23 19:02 . 2009-01-23 19:02 <DIR> d-------- c:\program files\InCode Solutions 2009-01-17 16:13 . 2009-01-17 16:13 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\GlarySoft 2009-01-17 13:51 . 2009-01-18 19:21 <DIR> d-------- c:\program files\a-squared Anti-Malware 2009-01-16 22:44 . 2009-01-16 23:14 <DIR> d-------- c:\program files\MSECACHE 2009-01-16 21:58 . 2009-01-16 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools 2009-01-15 21:34 . 2009-01-31 20:31 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\COWON 2009-01-14 20:36 . 2009-01-14 20:36 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-13 20:50 . 2009-01-16 23:01 <DIR> d-------- c:\program files\OpenOffice.org 3 2009-01-13 20:06 . 2009-01-16 23:01 <DIR> d-------- c:\program files\K-Lite Codec Pack 2009-01-11 17:24 . 2009-01-11 17:24 <DIR> d-------- c:\program files\Common Files\Java 2009-01-10 23:07 . 2009-01-10 23:07 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Uniblue 2009-01-10 10:42 . 2009-01-31 19:11 <DIR> d-------- c:\program files\WinAVI Video Converter 2009-01-09 22:31 . 2009-01-09 22:31 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\OpenOffice.org 2009-01-09 22:28 . 
2009-01-09 22:28 <DIR> d-------- c:\program files\readmes 2009-01-09 22:28 . 2009-01-09 22:28 <DIR> d-------- c:\program files\licenses 2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\dBpoweramp 2009-01-07 21:53 . 2009-01-11 17:26 <DIR> d-------- c:\program files\AC3Filter . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-31 22:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\uTorrent 2009-01-31 21:14 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-31 21:08 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2009-01-30 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2009-01-23 20:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-17 12:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-16 22:00 --------- d-----w c:\program files\ffdshow 2009-01-11 16:34 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender 2009-01-11 16:25 --------- d-----w c:\program files\Creative 2009-01-10 21:51 --------- d-----w c:\program files\Java 2008-12-29 07:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Bitdefender 2008-12-27 22:52 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2008-12-27 18:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\TuneUp Software 2008-12-27 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software 2008-12-27 17:01 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Smart PC Solutions 2008-12-21 20:34 22,104 ----a-w c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT 2008-12-21 16:12 73,216 ----a-w c:\windows\ST6UNST.EXE 2008-12-21 16:12 
249,856 ------w c:\windows\Setup1.exe 2008-12-20 21:48 --------- d-----w c:\program files\DivX 2008-12-19 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-19 10:01 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Pegasys Inc 2008-12-18 21:43 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Desktopicon 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-05 21:40 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Any Video Converter 2008-12-05 18:40 --------- d-----w c:\documents and settings\Eigenaar\Application Data\NCH Software 2008-12-05 18:40 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software 2008-12-05 16:00 --------- d-----w c:\documents and settings\Eigenaar\Application Data\NCH Swift Sound 2008-12-05 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound 2008-12-04 21:50 --------- d-----w c:\program files\CDisplay 2008-07-29 13:54 47,360 -c--a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys 2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008092920081006\index.dat 2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008102120081022\index.dat . ((((((((((((((((((((((((((((( snapshot@2009-01-30_23.04.42,51 ))))))))))))))))))))))))))))))))))))))))) . 
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE - 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe + 2000-08-31 07:00:00 286,720 ----a-w c:\windows\SWREG.exe - 2009-01-30 22:00:17 81,984 -c--a-w c:\windows\system32\bdod.bin + 2009-02-01 15:09:12 81,984 -c--a-w c:\windows\system32\bdod.bin - 2009-01-16 20:14:07 130,096 -c--a-w c:\windows\system32\FNTCACHE.DAT + 2009-01-31 10:26:42 130,096 -c--a-w c:\windows\system32\FNTCACHE.DAT - 2003-03-18 19:14:52 499,712 ----a-w c:\windows\system32\msvcp71.dll + 2005-03-09 18:10:10 503,808 ----a-w c:\windows\system32\msvcp71.dll - 2003-02-21 03:42:22 348,160 ----a-w c:\windows\system32\msvcr71.dll + 2005-03-09 18:10:10 348,160 ----a-w c:\windows\system32\msvcr71.dll - 2009-01-16 22:02:43 10,180,008 ----a-w c:\windows\system32\Restore\rstrlog.dat + 2009-01-31 18:47:12 2,218,660 ----a-w c:\windows\system32\Restore\rstrlog.dat + 2009-02-01 15:11:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f8.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-07 160592] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2009-01-11 61440] "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-01-11 360448] "SMSERIAL"="sm56hlpr.exe" [2006-01-20 c:\windows\sm56hlpr.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "vidc.I263"= I263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "86:TCP"= 86:TCP:BroadCam Web Server R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880] R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor 
Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-30 203280] R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-27 603904] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map 2009-02-01 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] 2009-01-16 c:\windows\Tasks\WinASORegistryOptimizerForEigenaar.job - c:\program files\WinASO\Registry Optimizer\RegOpt.exe [] . . ------- Bijkomende Scan ------- . 
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Visit in &3D using ExitReality - ExitReality Trusted Zone: cheggit.net Trusted Zone: puretna.com FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\h010fwvn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Van Dale Woordenboek FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\h010fwvn.default\extensions\{b7f907ee-0a1b-43b8-a611-b429a184ad6b}\components\FFAlert.dll FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 750 FF - user.js: content.notify.interval - 750000 FF - user.js: content.max.tokenizing.time - 2250000 pref(dom.disable_open_during_load, true);. 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-01 16:11:58 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr] "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr] "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\ . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\CTSVCCDA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\o2flash.exe c:\windows\system32\MsPMSPSv.exe c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe . ************************************************************************** . 
Voltooingstijd: 2009-02-01 16:17:21 - machine werd herstart [Eigenaar] ComboFix-quarantined-files.txt 2009-02-01 15:17:18 ComboFix2.txt 2009-01-30 22:05:50 Pre-Run: 90,889,330,688 bytes beschikbaar Post-Run: 90,883,391,488 bytes beschikbaar 229 --- E O F --- 2009-01-29 19:32:50 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:22:30, on 1/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\o2flash.exe C:\Program Files\Belgacom\bin\sprtsvc.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Belgacom\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\explorer.exe C:\WINDOWS\SYSTEM32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN ! 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - 
HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Visit in &3D using ExitReality - ExitReality O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: 
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. 
- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 7843 bytes
Above you will find the log files from ComboFix and HijackThis, as you advised me. Hopefully the problem is now solved! I do now have the problem that I cannot open my Bitdefender. I keep getting an error message! What is the best thing for me to do now? Remove Bitdefender from my computer and reinstall it? Or do something else? Thanks in advance! Mario
  19. ComboFix 09-01-31.03 - Eigenaar 2009-02-01 16:07:09.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.456 [GMT 1:00] Gestart vanuit: c:\documents and settings\Eigenaar\Mijn documenten\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) * Nieuw herstelpunt werd aangemaakt * Resident AV is active FILE :: c:\windows\system32\ConTest.dll c:\windows\system32\drivers\gaopdxserv.sys c:\windows\system32\SysRestore.dll . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf c:\documents and settings\Eigenaar\Application Data\inst.exe c:\windows\system32\ConTest.dll c:\windows\system32\drivers\gaopdxdotgoyer.sys c:\windows\system32\drivers\gaopdxyoulvypq.sys c:\windows\system32\gaopdxcounter\ c:\windows\system32\regm64.dll c:\windows\system32\SysRestore.dll c:\windows\system32\xcomm.dll . ---- Voorgaande Run ------- . C:\Autorun.inf c:\documents and settings\Eigenaar\Application Data\inst.exe c:\windows\system32\drivers\gaopdxserv.sys c:\windows\system32\regm64.dll c:\windows\system32\xcomm.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Legacy_NPF -------\Service_gaopdxserv.sys (((((((((((((((((((( Bestanden Gemaakt van 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))) . 2009-01-31 21:48 . 2005-03-09 19:10 89,088 --a------ c:\windows\system32\atl71.dll 2009-01-31 21:02 . 2009-02-01 16:01 <DIR> dr-h----- c:\documents and settings\Eigenaar\Onlangs geopend 2009-01-31 20:59 . 2009-01-31 20:59 <DIR> d-------- c:\program files\CCleaner 2009-01-31 20:37 . 2009-01-31 20:37 <DIR> d-------- c:\program files\Windows Defender 2009-01-31 20:15 . 2009-01-31 20:15 <DIR> d-------- c:\program files\FormatFactory 2009-01-31 19:44 . 
2000-08-31 08:00 29,696 --a------ c:\windows\NIRCMD(2).exe 2009-01-31 19:11 . 2009-01-31 19:46 <DIR> d--hs---- C:\RECYCLER(3) 2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\program files\Common Files\McAfee 2009-01-30 20:30 . 2009-01-31 21:53 <DIR> d-------- c:\program files\McAfee 2009-01-29 22:16 . 2009-01-31 19:41 4 --a------ c:\windows\system32\gaopdxcounter 2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Malwarebytes 2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-23 20:36 . 2009-01-23 20:36 <DIR> d-------- c:\program files\Trend Micro 2009-01-23 19:02 . 2009-01-23 19:02 <DIR> d-------- c:\program files\InCode Solutions 2009-01-17 16:13 . 2009-01-17 16:13 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\GlarySoft 2009-01-17 13:51 . 2009-01-18 19:21 <DIR> d-------- c:\program files\a-squared Anti-Malware 2009-01-16 22:44 . 2009-01-16 23:14 <DIR> d-------- c:\program files\MSECACHE 2009-01-16 21:58 . 2009-01-16 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools 2009-01-15 21:34 . 2009-01-31 20:31 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\COWON 2009-01-14 20:36 . 2009-01-14 20:36 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-13 20:50 . 2009-01-16 23:01 <DIR> d-------- c:\program files\OpenOffice.org 3 2009-01-13 20:06 . 2009-01-16 23:01 <DIR> d-------- c:\program files\K-Lite Codec Pack 2009-01-11 17:24 . 2009-01-11 17:24 <DIR> d-------- c:\program files\Common Files\Java 2009-01-10 23:07 . 2009-01-10 23:07 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Uniblue 2009-01-10 10:42 . 2009-01-31 19:11 <DIR> d-------- c:\program files\WinAVI Video Converter 2009-01-09 22:31 . 2009-01-09 22:31 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\OpenOffice.org 2009-01-09 22:28 . 
2009-01-09 22:28 <DIR> d-------- c:\program files\readmes 2009-01-09 22:28 . 2009-01-09 22:28 <DIR> d-------- c:\program files\licenses 2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\dBpoweramp 2009-01-07 21:53 . 2009-01-11 17:26 <DIR> d-------- c:\program files\AC3Filter . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-31 22:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\uTorrent 2009-01-31 21:14 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-31 21:08 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2009-01-30 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2009-01-23 20:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-17 12:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-16 22:00 --------- d-----w c:\program files\ffdshow 2009-01-11 16:34 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender 2009-01-11 16:25 --------- d-----w c:\program files\Creative 2009-01-10 21:51 --------- d-----w c:\program files\Java 2008-12-29 07:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Bitdefender 2008-12-27 22:52 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2008-12-27 18:54 --------- d-----w c:\documents and settings\Eigenaar\Application Data\TuneUp Software 2008-12-27 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software 2008-12-27 17:01 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Smart PC Solutions 2008-12-21 20:34 22,104 ----a-w c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT 2008-12-21 16:12 73,216 ----a-w c:\windows\ST6UNST.EXE 2008-12-21 16:12 
249,856 ------w c:\windows\Setup1.exe 2008-12-20 21:48 --------- d-----w c:\program files\DivX 2008-12-19 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-19 10:01 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Pegasys Inc 2008-12-18 21:43 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Desktopicon 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-05 21:40 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Any Video Converter 2008-12-05 18:40 --------- d-----w c:\documents and settings\Eigenaar\Application Data\NCH Software 2008-12-05 18:40 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software 2008-12-05 16:00 --------- d-----w c:\documents and settings\Eigenaar\Application Data\NCH Swift Sound 2008-12-05 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound 2008-12-04 21:50 --------- d-----w c:\program files\CDisplay 2008-07-29 13:54 47,360 -c--a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys 2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008092920081006\index.dat 2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008102120081022\index.dat . ((((((((((((((((((((((((((((( snapshot@2009-01-30_23.04.42,51 ))))))))))))))))))))))))))))))))))))))))) . 
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE - 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe + 2000-08-31 07:00:00 286,720 ----a-w c:\windows\SWREG.exe - 2009-01-30 22:00:17 81,984 -c--a-w c:\windows\system32\bdod.bin + 2009-02-01 15:09:12 81,984 -c--a-w c:\windows\system32\bdod.bin - 2009-01-16 20:14:07 130,096 -c--a-w c:\windows\system32\FNTCACHE.DAT + 2009-01-31 10:26:42 130,096 -c--a-w c:\windows\system32\FNTCACHE.DAT - 2003-03-18 19:14:52 499,712 ----a-w c:\windows\system32\msvcp71.dll + 2005-03-09 18:10:10 503,808 ----a-w c:\windows\system32\msvcp71.dll - 2003-02-21 03:42:22 348,160 ----a-w c:\windows\system32\msvcr71.dll + 2005-03-09 18:10:10 348,160 ----a-w c:\windows\system32\msvcr71.dll - 2009-01-16 22:02:43 10,180,008 ----a-w c:\windows\system32\Restore\rstrlog.dat + 2009-01-31 18:47:12 2,218,660 ----a-w c:\windows\system32\Restore\rstrlog.dat + 2009-02-01 15:11:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f8.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-07 160592] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2009-01-11 61440] "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-01-11 360448] "SMSERIAL"="sm56hlpr.exe" [2006-01-20 c:\windows\sm56hlpr.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "vidc.I263"= I263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "86:TCP"= 86:TCP:BroadCam Web Server R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880] R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor 
Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-30 203280] R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-27 603904] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map 2009-02-01 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] 2009-01-16 c:\windows\Tasks\WinASORegistryOptimizerForEigenaar.job - c:\program files\WinASO\Registry Optimizer\RegOpt.exe [] . . ------- Bijkomende Scan ------- . 
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Visit in &3D using ExitReality - ExitReality Trusted Zone: cheggit.net Trusted Zone: puretna.com FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\h010fwvn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Van Dale Woordenboek FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\h010fwvn.default\extensions\{b7f907ee-0a1b-43b8-a611-b429a184ad6b}\components\FFAlert.dll FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 750 FF - user.js: content.notify.interval - 750000 FF - user.js: content.max.tokenizing.time - 2250000 pref(dom.disable_open_during_load, true);. 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-01 16:11:58 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr] "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr] "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\ . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\CTSVCCDA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\o2flash.exe c:\windows\system32\MsPMSPSv.exe c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe . ************************************************************************** . 
Voltooingstijd: 2009-02-01 16:17:21 - machine werd herstart [Eigenaar] ComboFix-quarantined-files.txt 2009-02-01 15:17:18 ComboFix2.txt 2009-01-30 22:05:50 Pre-Run: 90,889,330,688 bytes beschikbaar Post-Run: 90,883,391,488 bytes beschikbaar 229 --- E O F --- 2009-01-29 19:32:50 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:22:30, on 1/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\o2flash.exe C:\Program Files\Belgacom\bin\sprtsvc.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Belgacom\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\explorer.exe C:\WINDOWS\SYSTEM32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN ! 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - 
HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Visit in &3D using ExitReality - ExitReality O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: 
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. 
- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 7843 bytes

I have carried out the steps you gave me first! Above you can see the log files from ComboFix and HijackThis. Hopefully this has solved the problem! I do now have the problem that I can no longer open my BitDefender; what is the best thing to do? Remove the program from my computer and reinstall it? Thanks in advance, Mario
  20. I have a serious problem now: when I try to start ComboFix, Bitdefender blocks it at every prompt, and I do not want to run any risk of serious damage to the laptop, so I want to do it another way. I checked which file is infected and found the file named genius.exe (Belgacom) and from I-Talk settings. My question now is: do I first remove all the programs, or only the file?
  21. As soon as I had read your wise advice, I carried out the steps as you described and then sent along a log text. It was touch and go with my anti-virus program: I had switched it off, but the real-time protection stayed on and blocked many of the steps ComboFix performed, but I allowed them all and it worked. Once again, a big thank you for the help.

ComboFix 09-01-21.04 - Eigenaar 2009-01-30 23:02:07.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.476 [GMT 1:00] Gestart vanuit: c:\documents and settings\Eigenaar\Mijn documenten\ComboFix.exe AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) * Nieuw herstelpunt werd aangemaakt * Resident AV is active . - VERMINDERDE FUNCTIONALITEIT MODUS - . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf c:\program files\Mozilla Firefox\components\iamfamous.dll c:\windows\msvrc20.dll c:\windows\system32\404Fix.exe c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\o4Patch.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))) . 2009-01-30 22:39 . 2009-01-30 22:41 <DIR> d-------- c:\program files\JetAudio 2009-01-30 22:39 . 2009-01-30 22:40 <DIR> d-------- c:\program files\Common Files\COWON 2009-01-30 22:39 . 2009-01-30 22:39 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\InstallShield 2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\windows\LastGood 2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\program files\Common Files\McAfee 2009-01-30 20:30 . 2009-01-30 20:31 <DIR> d-------- c:\program files\McAfee 2009-01-30 19:54 . 2008-07-15 11:48 208,896 --a------ c:\windows\system32\ConTest.dll 2009-01-30 19:54 . 
2008-05-29 10:37 20,480 --a------ c:\windows\system32\SysRestore.dll 2009-01-30 17:12 . 2009-01-30 20:27 75,264 --a------ c:\windows\system32\drivers\gaopdxserv.sys 2009-01-29 23:04 . 2009-01-30 21:37 <DIR> dr-h----- c:\documents and settings\Eigenaar\Onlangs geopend 2009-01-29 22:16 . 2009-01-30 15:38 4 --a------ c:\windows\system32\gaopdxcounter 2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Malwarebytes 2009-01-23 20:41 . 2009-01-23 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-23 20:41 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-23 20:41 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-23 20:36 . 2009-01-23 20:36 <DIR> d-------- c:\program files\Trend Micro 2009-01-23 19:02 . 2009-01-23 19:02 <DIR> d-------- c:\program files\InCode Solutions 2009-01-17 16:13 . 2009-01-17 16:13 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\GlarySoft 2009-01-17 13:51 . 2009-01-18 19:21 <DIR> d-------- c:\program files\a-squared Anti-Malware 2009-01-16 22:44 . 2009-01-16 23:14 <DIR> d-------- c:\program files\MSECACHE 2009-01-16 21:58 . 2009-01-16 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools 2009-01-15 21:34 . 2009-01-30 22:42 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\COWON 2009-01-14 20:36 . 2009-01-14 20:36 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-13 20:50 . 2009-01-16 23:01 <DIR> d-------- c:\program files\OpenOffice.org 3 2009-01-13 20:06 . 2009-01-16 23:01 <DIR> d-------- c:\program files\K-Lite Codec Pack 2009-01-12 22:34 . 2009-01-12 22:34 <DIR> d-------- c:\program files\IObit 2009-01-11 17:24 . 2009-01-11 17:24 <DIR> d-------- c:\program files\Common Files\Java 2009-01-10 23:07 . 
2009-01-10 23:07 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Uniblue 2009-01-10 10:42 . 2009-01-30 21:03 <DIR> d-------- c:\program files\WinAVI Video Converter 2009-01-09 22:31 . 2009-01-09 22:31 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\OpenOffice.org 2009-01-09 22:28 . 2009-01-09 22:28 <DIR> d-------- c:\program files\readmes 2009-01-09 22:28 . 2009-01-09 22:28 <DIR> d-------- c:\program files\licenses 2009-01-07 21:54 . 2009-01-07 21:54 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\dBpoweramp 2009-01-07 21:53 . 2009-01-11 17:26 <DIR> d-------- c:\program files\AC3Filter 2008-12-29 08:54 . 2008-12-29 08:54 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Bitdefender 2008-12-29 08:53 . 2009-01-11 17:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender 2008-12-27 23:53 . 2008-12-27 23:53 603,904 --a------ c:\windows\system32\TUProgSt.exe 2008-12-27 23:53 . 2008-12-27 23:53 362,240 --a------ c:\windows\system32\TuneUpDefragService.exe 2008-12-27 23:53 . 2008-11-12 16:44 27,904 --a------ c:\windows\system32\uxtuneup.dll 2008-12-27 19:54 . 2008-12-27 19:54 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\TuneUp Software 2008-12-27 19:54 . 2008-12-27 19:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software 2008-12-27 19:54 . 2008-12-27 23:52 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2008-12-27 17:59 . 2008-12-27 18:01 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Smart PC Solutions 2008-12-26 23:00 . 2009-01-30 20:23 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft 2008-12-26 22:14 . 2008-12-26 22:23 23 --a------ c:\windows\DownloadStudio.INI 2008-12-26 21:51 . 2008-12-26 21:53 33 --a------ c:\windows\DownloadStudioScheduleMonitor.INI 2008-12-26 21:24 . 
2009-01-16 23:00 <DIR> d-------- c:\program files\ffdshow 2008-12-21 21:34 . 2008-12-21 21:34 22,104 --a------ c:\documents and settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT 2008-12-19 11:01 . 2008-12-19 11:01 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Pegasys Inc 2008-12-18 22:43 . 2008-12-18 22:43 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Desktopicon 2008-12-17 22:50 . 2008-12-17 22:50 34 --ah----- c:\windows\system32\Converter_sysquict.dat 2008-12-17 21:45 . 2002-06-17 20:36 482,816 --a------ c:\windows\system32\VFCodec.dll 2008-12-17 21:18 . 2003-02-22 01:26 7,168 --a------ c:\windows\system\temp.000 2008-12-17 21:18 . 2003-02-22 01:25 5,120 --a------ c:\windows\system\temp.002 2008-12-17 21:18 . 2003-02-22 01:25 5,120 --a------ c:\windows\system\temp.001 2008-12-14 22:23 . 2008-12-14 22:23 <DIR> d-------- c:\documents and settings\Eigenaar\.divx 2008-12-14 22:20 . 2008-12-14 22:20 <DIR> d-------- c:\documents and settings\Eigenaar\.drdivx2 2008-12-11 10:56 . 2009-01-11 17:17 <DIR> d-------- c:\windows\SxsCaPendDel 2008-12-07 20:40 . 2003-02-22 01:26 7,168 --a------ c:\windows\system\vdremote.dll 2008-12-07 20:40 . 2003-02-22 01:25 5,120 --a------ c:\windows\system\vdsvrlnk.dll 2008-12-05 22:16 . 2008-12-05 22:40 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\Any Video Converter 2008-12-05 17:00 . 2008-12-05 17:00 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\NCH Swift Sound 2008-12-05 17:00 . 2008-12-05 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound 2008-12-05 17:00 . 2008-12-05 19:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software 2008-12-05 16:59 . 2008-12-05 19:40 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\NCH Software 2008-12-04 22:50 . 2008-12-04 22:50 <DIR> d-------- c:\program files\CDisplay 2008-12-03 09:11 . 
2009-01-14 20:36 410,984 --a------ c:\windows\system32\deploytk.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-30 22:00 81,984 -c--a-w c:\windows\system32\bdod.bin 2009-01-30 21:55 --------- d-----w c:\documents and settings\Eigenaar\Application Data\uTorrent 2009-01-30 21:39 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-30 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2009-01-23 20:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-17 12:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-11 17:36 77,824 ----a-w c:\windows\system32\xcomm.dll 2009-01-11 16:25 --------- d-----w c:\program files\Creative 2009-01-11 16:25 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2009-01-10 21:51 --------- d-----w c:\program files\Java 2008-12-21 16:12 73,216 ----a-w c:\windows\ST6UNST.EXE 2008-12-21 16:12 249,856 ------w c:\windows\Setup1.exe 2008-12-20 21:48 --------- d-----w c:\program files\DivX 2008-12-19 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-24 20:07 5,068,152 ----a-w c:\windows\system32\SpoonUninstall.exe 2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe 2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-11-21 21:45 823,296 ----a-w c:\windows\system32\divx_xx0c.dll 2008-11-21 21:45 823,296 ----a-w c:\windows\system32\divx_xx07.dll 2008-11-21 21:45 815,104 ----a-w c:\windows\system32\divx_xx0a.dll 2008-11-21 21:45 802,816 ----a-w c:\windows\system32\divx_xx11.dll 2008-11-21 21:45 684,032 ----a-w c:\windows\system32\DivX.dll 2008-11-21 21:45 57,344 ----a-w c:\windows\system32\dpv11.dll 2008-11-21 
21:45 53,248 ----a-w c:\windows\system32\dpuGUI10.dll 2008-11-21 21:45 344,064 ----a-w c:\windows\system32\dpus11.dll 2008-11-21 21:45 294,912 ----a-w c:\windows\system32\dpu11.dll 2008-11-21 21:45 294,912 ----a-w c:\windows\system32\dpu10.dll 2008-11-21 21:44 161,096 -c--a-w c:\windows\system32\DivXCodecVersionChecker.exe 2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll 2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 -c--a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 -c--a-w c:\windows\system32\wups.dll 2008-10-03 10:05 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-07-29 13:54 87,608 -c--a-w c:\documents and settings\Eigenaar\Application Data\inst.exe 2008-07-29 13:54 47,360 -c--a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys 2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008092920081006\index.dat 2008-10-21 18:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008102120081022\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
      REGEDIT4
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-07 160592]
      "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
      "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
      "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
      "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
      "Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
      "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2009-01-11 61440]
      "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-01-11 360448]
      "SMSERIAL"="sm56hlpr.exe" [2006-01-20 c:\windows\sm56hlpr.exe]
      "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.I420"= i263_32.drv
      "vidc.I263"= I263_32.drv
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Notification Packages REG_MULTI_SZ :\windows\SYSTEM32\srrstr.dll
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UpdatesDisableNotify"=dword:00000001
      "AntiVirusOverride"=dword:00000001
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "86:TCP"= 86:TCP:BroadCam Web Server
      R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]
      R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]
      R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-30 203280]
      R4 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]
      R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-27 603904]
      S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?]
      S4 0017661233343878mcinstcleanup;McAfee Application Installer Cleanup (0017661233343878);c:\docume~1\Eigenaar\LOCALS~1\Temp\0017661233343878mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Eigenaar\LOCALS~1\Temp\0017661233343878mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service [?]
      --- Andere Services/Drivers In Geheugen ---
      *NewlyCreated* - AFFBBE87
      *NewlyCreated* - MCAFEE_SITEADVISOR_SERVICE
      *Deregistered* - affbbe87
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bdx REG_MULTI_SZ scan
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5432a3-e505-11dc-944b-806d6172696f}]
      \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-6-6-62-100002160-100016978-100015098-3284.com c:\
      \Shell\Open\command - c:\recycler\S-6-6-62-100002160-100016978-100015098-3284.com c:\
      .
      Inhoud van de 'Gedeelde Taken' map
      2009-01-16 c:\windows\Tasks\WinASORegistryOptimizerForEigenaar.job
      - c:\program files\WinASO\Registry Optimizer\RegOpt.exe []
      .
      - - - - ORPHANS VERWIJDERD - - - -
      Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
      WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
      .
      ------- Bijkomende Scan -------
      .
      IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
      IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
      IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      IE: Visit in &3D using ExitReality - ExitReality
      Trusted Zone: cheggit.net
      Trusted Zone: puretna.com
      .
      **************************************************************************
      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-01-30 23:02:32
      Windows 5.1.2600 Service Pack 3 NTFS
      scannen van verborgen processen ...
      scannen van verborgen autostart items ...
      scannen van verborgen bestanden ...
      Scan succesvol afgerond
      verborgen bestanden: 0
      **************************************************************************
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
      "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
      "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys]
      "imagepath"="\systemroot\system32\drivers\gaopdxituwydlt.sys"
      .
      --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys]
      @DACL=(02 0000)
      "start"=dword:00000001
      "type"=dword:00000001
      "imagepath"=expand:"\\systemroot\\system32\\drivers\\gaopdxituwydlt.sys"
      "group"="file system"
      "userdata"=dword:00000002
      .
      Voltooingstijd: 2009-01-30 23:05:48
      ComboFix-quarantined-files.txt 2009-01-30 22:05:45
      Pre-Run: 92.442.005.504 bytes beschikbaar
      Post-Run: 92,443,549,696 bytes beschikbaar
      WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
      253 --- E O F --- 2009-01-29 19:32:50
  22. :s Every time I try to open Local Disk C on my laptop (double-click), I get a message that Windows cannot find the file RECYCLER/ followed by a string of numbers + com. What can I do about that? I should mention that for a few days I could not shut the laptop down the normal way via START, so I resorted to drastic measures: everything off with the power button and then a restart. Not a good move, I think. I also cannot run System Restore to roll the laptop back to another date; I think it hangs because of an infection by a virus or worm. I am attaching a log file from HijackThis:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:27:46, on 30/01/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\CTSvcCDA.EXE
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      C:\Program Files\BurnAware Professional\nmsaccessu.exe
      C:\WINDOWS\system32\o2flash.exe
      C:\Program Files\Belgacom\bin\sprtsvc.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\System32\TUProgSt.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\sm56hlpr.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Belgacom\bin\sprtcmd.exe
      C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
      C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
      O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
      O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
      O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
      O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
      O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O8 - Extra context menu item: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm
      O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O23 - Service: McAfee Application Installer Cleanup (0114421233256532) (0114421233256532mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\0114421233256532mcinst.exe (file missing)
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
      O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Professional\nmsaccessu.exe
      O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
      O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
      O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
      O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
      -- End of file - 8319 bytes
  23. The problem with the generic worm is solved; MBAM did a thorough clean-up. Thanks for the help and for your patience with me. Regards
  24. Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:36:25, on 23/01/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\sm56hlpr.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Belgacom\bin\sprtcmd.exe
      C:\WINDOWS\system32\CTSvcCDA.EXE
      C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
      C:\Program Files\BurnAware Professional\nmsaccessu.exe
      C:\WINDOWS\system32\o2flash.exe
      C:\Program Files\Belgacom\bin\sprtsvc.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\System32\TUProgSt.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
      C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\uTorrent\uTorrent.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
      O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
      O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
      O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
      O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
      O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O8 - Extra context menu item: Visit in &3D using ExitReality - ExitReality
      O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
      O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Professional\nmsaccessu.exe
      O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
      O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
      O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
      O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
      -- End of file - 8881 bytes
  25. Thanks for the help; 20 infected threats are gone, such as FAKE AGENT and TROJAN. I have the 2 programs on my computer and they work well. Before that I downloaded a program called RemoveIt ProV4, and it found as many threats as Malwarebytes. My question is: should I keep that program or not? Otherwise there are 3 anti-virus programs running. I have 2 log files but don't know how to attach them to this text; I haven't been familiar with computers for very long (LAYMAN). Regards, Mario