Everything posted by Sweeky

  1. Since Monday I have not been able to connect to the wireless network connection. I accidentally disabled something in Windows Task Manager, but I no longer remember what. Now I can only connect via a cable. Can someone please help me?
  2. No, not for a while now. In my Start menu I can see All Programs again, and my VIRUS ALERT! after my time is gone too. So I think the virus is finally gone. Thanks for everything. Regards, Mickaël
  3. HijackThis log:

     ComboFix log:
  4. Combofix log:
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-2956754000-462173396-3950971921-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0] "Percents"="0 0.1008 0.3473 0.4454 0.5322 0.7675 0.7731 " "Increment"=".013699" "FRT"="EGh+TeIAiR50DFrPFWXO+gbsT7AFtC8XHTkOrYDzdj7utoZe+rsZNA==" "PLCK"="nv1OGMTGkLBXhXOBtKWWRC0j5DMTc6at" "PHSH"="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\CTSVCCDA.EXE c:\windows\system32\DVDRAMSV.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\windows\system32\TPSBattM.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\msiexec.exe c:\program files\SpywareGuard\sgbhp.exe . ************************************************************************** . 
Voltooingstijd: 2009-03-09 22:28:51 - machine werd herstart ComboFix-quarantined-files.txt 2009-03-09 21:28:46 Pre-Run: 6.215.155.712 bytes beschikbaar Post-Run: 6,167,453,696 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 296 --- E O F --- 2009-02-25 16:33:33 HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:32, on 9/03/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe 
C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe C:\Program Files\SpywareGuard\sgmain.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [PadTouch] 
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe /R O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mickael Meynckens\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows 
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {70ba88c8-dae8-4ce9-92bb-979c4a75f53b} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. 
- C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Spooler - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing) O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 7987 bytes Thanks for everything you have done so far, and that VIRUS ALERT! has now gone away after all.
  5. HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:46: VIRUS ALERT!, on 9/03/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend 
Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe /R O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mickael Meynckens\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' 
menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {70ba88c8-dae8-4ce9-92bb-979c4a75f53b} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O21 - SSODL: JSXjIh - {D4B64AF6-7E1C-E05C-FC43-69CCB3F1284D} - C:\WINDOWS\system32\vm.dll (file missing) O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. 
- C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 8318 bytes MBAM log: Malwarebytes' Anti-Malware 1.34 Database versie: 1828 Windows 5.1.2600 Service Pack 2 9/03/2009 20:35:12 mbam-log-2009-03-09 (20-35-12).txt Scan type: Snelle Scan Objecten gescand: 69618 Verstreken tijd: 17 minute(s), 31 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 1 Registersleutels geïnfecteerd: 57 Registerwaarden geïnfecteerd: 9 Registerdata bestanden geïnfecteerd: 8 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 19 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: C:\Program Files\Mozilla Firefox\components\nsBrowserGal.dll (Adware.Agent) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\adssite.ad (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adssite.ad.1 (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adzgalore.optimizer (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adzgalore.optimizer.1 (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bhonew.bho (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4cde7971-1026-41ae-9818-31a9e5779441} (Adware.AdRotator) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{81b7f2df-3427-4704-b441-f74a4de94ce1} (Adware.Rightonadz) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bd219b90-626b-40f4-bfdd-420240dfca2c} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6d0386b3-fd72-488e-9740-90355ae21735} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{994b5fb4-0103-44a6-b6b3-c73572b362bc} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{faba076a-478a-4c32-a0a5-c774607901c2} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f31b3634-12aa-41ca-b021-0685c3b3e4ca} (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{49bcc77a-79eb-4d50-a6db-04e8202921c4} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{5dbd13bc-c3f8-4846-ad3e-ba3479a5d3f1} (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d0386b3-fd72-488e-9740-90355ae21735} (Trojan.BHO) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{36a91cec-6c71-4758-b492-397bfc8e96a2} (Adware.Rightonadz) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ab71e94e-3dc4-41eb-bbd5-31e82c9fd1d4} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\391c2021-e6f2-bfb8-7fe1-35c45e67815b (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgalore (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\ToolbarInst.DLL (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\adzgalore (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\IEAntiVirus (Rogue.IEAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rightonadz (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\fqbewlna.bdql (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\fqbewlna.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10578b14-2d4c-a176-27c8-bf80c202b94d} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{10578b14-2d4c-a176-27c8-bf80c202b94d} (Adware.BHO) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispy (Rogue.IEAntiVirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully. 
Registerdata bestanden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (IESearch Start) Good: (Google) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (softwarereferral.com) Good: (Google) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76395-OEM-0011903-00111) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: C:\Documents and Settings\Mickael Meynckens\Local Settings\Application Data\yammk_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Mickael Meynckens\Local Settings\Application Data\yammk_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Mickael Meynckens\Local Settings\Application Data\yammk.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Mickael Meynckens\Local Settings\Application Data\yammk.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\391c2021-e6f2-bfb8-7fe1-35c45e67815b.exe (Adware.Adrotator) -> Quarantined and deleted successfully. C:\WINDOWS\system32\adzgalore-remove.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Mickael Meynckens\Application Data\TmpRecentIcons\Micro Antivirus 2009.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\components\nsBrowserGal.dll (Adware.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rightonadz-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\phc9f6j0ecba.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ClickToFindandFixErrorsIntl.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Mickael Meynckens\Favorieten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Mickael Meynckens\Favorieten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Mickael Meynckens\Favorieten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nsr84.dll (Adware.BHO) -> Quarantined and deleted successfully.
     I can't find AEAntiVirus; I have searched for it a number of times, but my computer really doesn't find it.
  6. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:08: VIRUS ALERT!, on 9/03/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE 
C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: adzgalore - {10578b14-2d4c-a176-27c8-bf80c202b94d} - C:\WINDOWS\system32\nsc2F.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\CreativeEMI\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000 O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mickael Meynckens\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {70ba88c8-dae8-4ce9-92bb-979c4a75f53b} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O21 - SSODL: JSXjIh - {D4B64AF6-7E1C-E05C-FC43-69CCB3F1284D} - C:\WINDOWS\system32\vm.dll (file missing) O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 9021 bytes
     This is from Hijack. And after my time it says 'VIRUS ALERT!'; this comes from an earlier virus, but I can't get rid of it. Right at the bottom it now says: 17:14: VIRUS ALERT!.
  7. I don't know which virus it is, but Avast and AVG have found it.
  8. I have a virus infection on my computer that is infecting many files, but I can't find the virus itself. I use Mozilla Firefox.