ankar

Member
  • Posts

    17
  • Joined

  • Last visited

About ankar

  • Birthday 06-03-1971

ankar's achievements

  1. I think everything is OK now; the PC is super fast again and my desktop is back. Phew, thank goodness, I would never have figured this out on my own. Thanks for everything!!!
  2. ComboFix 10-09-04.06 - annelies 06-09-2010 16:59:22.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.895.487 [GMT 2:00]
Booster "57213:TCP"= 57213:TCP:Pando Media Booster "57213:UDP"= 57213:UDP:Pando Media Booster "57709:TCP"= 57709:TCP:Pando Media Booster "57709:UDP"= 57709:UDP:Pando Media Booster R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [27-5-2009 20:46 11392] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17-7-2010 9:39 165456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17-7-2010 9:39 17744] S2 gupdate1ca051781944026;Google Updateservice (gupdate1ca051781944026);c:\program files\Google\Update\GoogleUpdate.exe [15-7-2009 8:43 133104] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [28-10-2007 20:53 20160] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-11-2008 17:23 721904] . Inhoud van de 'Gedeelde Taken' map 2010-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 06:43] 2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 06:43] 2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{5F9B21F2-C498-4B1E-86D8-424A9D80C29C}.job - c:\windows\system32\msfeedssync.exe [2007-10-28 02:31] 2010-09-06 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2010-09-06 20:18] . . ------- Bijkomende Scan ------- . 
uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://www.google.com mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag mSearch Bar = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab . - - - - ORPHANS VERWIJDERD - - - - AddRemove-Radio_Bar_1 Toolbar - c:\progra~1\RADIO_~1\UNWISE.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-06 17:08 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\X «S*I*D*\{040CAC3F-C5B9-4F74-864D-278BFE103668}\InprocServer32] @="c:\\WINDOWS\\System32\\dx8vb32.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(1932) c:\windows\system32\webcheck.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Voltooingstijd: 2010-09-06 17:14:33 - machine werd herstart ComboFix-quarantined-files.txt 2010-09-06 15:14 ComboFix2.txt 2010-09-06 11:39 Pre-Run: 96.725.037.056 bytes beschikbaar Post-Run: 96.703.463.424 bytes beschikbaar Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - E0312B8EE807A6A89A20F663F79C86EF Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:15:29, on 6-9-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe 
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\BitTorrent\BitTorrent.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: &Windows Live Toolbar - 
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Google Updateservice (gupdate1ca051781944026) (gupdate1ca051781944026) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7819 bytes
  3. Yes, it worked!!!! Here it comes:
Booster "57213:TCP"= 57213:TCP:Pando Media Booster "57213:UDP"= 57213:UDP:Pando Media Booster "57709:TCP"= 57709:TCP:Pando Media Booster "57709:UDP"= 57709:UDP:Pando Media Booster R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [27-5-2009 20:46 11392] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17-7-2010 9:39 165456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17-7-2010 9:39 17744] S1 zrvwducabgjp7;zrvwducabgjp7;c:\windows\system32\drivers\zrvwducabgjp7.sys --> c:\windows\system32\drivers\zrvwducabgjp7.sys [?] S2 gupdate1ca051781944026;Google Updateservice (gupdate1ca051781944026);c:\program files\Google\Update\GoogleUpdate.exe [15-7-2009 8:43 133104] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [28-10-2007 20:53 20160] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-11-2008 17:23 721904] . Inhoud van de 'Gedeelde Taken' map 2010-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 06:43] 2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 06:43] 2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{5F9B21F2-C498-4B1E-86D8-424A9D80C29C}.job - c:\windows\system32\msfeedssync.exe [2007-10-28 02:31] 2010-09-06 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2010-09-06 20:18] . . ------- Bijkomende Scan ------- . 
uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://www.google.com mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag mSearch Bar = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{5B6BCEFC-3466-4ED3-8853-8266BA4D1AD1} - (no file) WebBrowser-{0FC85F5D-6207-4515-A490-45A549D285C0} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{E21F584C-5746-4AA1-84FD-ADE09EDBC0BD} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{46CF08E6-2E94-478C-94FD-8B2140C6FF10} - (no file) AddRemove-ca2bde06-be91-ee0e-1afb-cec70a86abd7 - c:\windows\system32\ca2bde06-be91-ee0e-1afb-cec70a86abd7.exe AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-06 13:32 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\X «S*I*D*\{040CAC3F-C5B9-4F74-864D-278BFE103668}\InprocServer32] @="c:\\WINDOWS\\System32\\dx8vb32.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(3908) c:\windows\system32\webcheck.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Voltooingstijd: 2010-09-06 13:39:26 - machine werd herstart ComboFix-quarantined-files.txt 2010-09-06 11:39 Pre-Run: 96.720.969.728 bytes beschikbaar Post-Run: 96.749.903.872 bytes beschikbaar Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 74C64E8B948E76566ECF7F06B42708FB
  4. Sorry, this file is not present. What should I do now?
  5. I can't get it to work. I am doing the above in safe mode; when ComboFix restarts the PC itself, it comes up in normal mode and ComboFix does not create a log file. What should I do now??
  6. OK, I have done everything you asked; I just couldn't remove the O4 Global Startup entry for GamersFirst LIVE because it wasn't listed. What on earth is going on?? In any case, thanks in advance for being willing to help me.
  7. Sorry, I couldn't manage it at first, but I think it has worked now???
  8. Yes, in safe mode I do have a desktop; only the icons/symbols are somewhat larger than normal.
  9. Also tried the above, but I get the same message that I cannot get access.
  10. I also tried the above; I then get the message: cannot access file/path.
  11. Hello, I have XP but not the original disc. I already tried that with explorer.exe, but it says it does not recognize it or cannot find it. What now??? Does anyone have an idea?
  12. Hello everyone, I have a problem: my desktop has disappeared. All the icons are gone, and so is the Start bar and so on. I can boot into safe mode but cannot create a new restore point. With Ctrl/Alt/Del I can start up, but how do I get everything back, and what is going on? Yesterday everything worked normally again, and this morning everything was gone again. Do I have a virus, and what should I do? I am a layperson.
  13. No more problems!!!! Thank you very much for your help!!!
  14. Anyone can overlook something, but I thought that I have, or had, a problem that could not be fixed. I followed your instructions and here is the log: Malwarebytes' Anti-Malware 1.34 Database versie: 1749 Windows 5.1.2600 Service Pack 2 14-2-2009 19:20:43 mbam-log-2009-02-14 (19-20-43).txt Scan type: Snelle Scan Objecten gescand: 78654 Verstreken tijd: 3 minute(s), 57 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 16 Registerwaarden geïnfecteerd: 1 Registerdata bestanden geïnfecteerd: 5 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 10 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{733716e1-76d2-4003-ac39-845281c0ef85} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e} (Adware.Fotomoto) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c17e102b-bd29-4e92-b699-1a21d2cb8e6c} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{964bf54a-a147-4b3f-9540-6c40cc6b9d8c} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\superiorads (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{859ddeb4-4dbd-491b-99df-5ffd88afaa23}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.18,85.255.112.61 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{859ddeb4-4dbd-491b-99df-5ffd88afaa23}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.18,85.255.112.61 -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{859ddeb4-4dbd-491b-99df-5ffd88afaa23}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.18,85.255.112.61 -> Quarantined and deleted successfully. Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: C:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\{f0357839-093f-6152-71cb-8187fa29836c}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\superiorads-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gaopdxefyxeyxj.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxftheepxm.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxmlhosdpp.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxpepxexma.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxvclboxnv.sys (Trojan.Agent) -> Quarantined and deleted successfully. Do I need to do anything else??? 
Regards, Ankar. And here is the new hijack log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:29:45, on 14-2-2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\DNA\btdna.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buienradar.nl/ 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.kindl.at/plugin/mssurvid.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - 
http://game01.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp07.photoprintit.de/microsite/12247/defaults/activex/IPSUploader.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 7957 bytes