Lieven2

Lieven2's achievements

  1. MBAM log:

     Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
     Malwarebytes : Free anti-malware download
     Databaseversie: v2012.07.19.07
     Windows 7 x64 NTFS (Veilige modus/netwerkmogelijkheden)
     Internet Explorer 9.0.8112.16421
     Lieven :: LIEVEN-PC [administrator]
     Realtime bescherming: Uitgeschakeld
     19/07/2012 11:06:24
     mbam-log-2012-07-19 (11-06-24).txt
     Scantype: Snelle scan
     Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
     Uitgeschakelde scanopties: P2P
     Objecten gescand: 219670
     Verstreken tijd: 5 minuut/minuten, 46 seconde(n)
     Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
     Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
     Registersleutels gedetecteerd: 96
     Registerwaarden gedetecteerd: 3
     Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
     Mappen gedetecteerd: 15
     Bestanden gedetecteerd: 18
     (einde)

     Hijack log:

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 11:23:52, on 19/07/2012
     Platform: Windows 7 (WinNT 6.00.3504)
     MSIE: Internet Explorer v9.00 (9.00.8112.16421)
     Boot mode: Normal
     -- End of file - 17841 bytes
  2. In the meantime I did manage to boot into safe mode! This is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 0:52:04, on 19/07/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Safe mode with network support Running processes: C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Users\Lieven\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\HyperCam Toolbar\tbhelper.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: &Yahoo!
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: ShopperReports - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReports.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: uTorrentBar_NL - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet 
Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll O3 - Toolbar: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files 
(x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Lieven\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Lieven\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Lieven\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [update] C:\Users\Lieven\AppData\Roaming\toip0_tmp.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] 
C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = Lieven\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: vpngui.exe.lnk = ? O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 
button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReports.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReports.dll O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files (x86)\ISP Monitor\ISPMonitorSrv.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. 
- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: QuestScan Service - Unknown owner - C:\ProgramData\QuestScan\questscan137.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. 
- C:\Windows\system32\vcsFPService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 18560 bytes
  3. I don't quite understand the part about the BIOS. Could you explain this a bit more simply?
  4. The problem is that I don't know how I can do anything with the computer that has the virus on it. So how can I make such a log of it (and select it and post it here)? PS: Do you just download HijackThis and put it on a USB stick, or install it first and then put the whole thing on the USB stick?
  5. Hello, I have recently had a problem with this Federal Crime Unit virus and I just can't get it resolved. I know there are already many solutions on the internet, but I never manage to carry them out completely, so I'm a bit stuck. I have already tried downloading HitmanPro on my sister's Mac (which I am also using right now) and putting it on a USB stick. But even when I manage to open the Ctrl+O dialog from that screen (the PC freezes 50% of the time when I do this), I can see it, but I can't run these files because it can't find them. I also can't get it to boot into safe mode, because then it hangs at avgidsha.sys. Can someone explain to me in a simple way exactly what I need to do? Or how I can give you the information needed to help me? Thanks in advance!
  6. Shouldn't I have this one fixed? "O23 - Service: fy - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice082.exe"
  7. Malwarebytes' Anti-Malware 1.40 Database versie: 2659 Windows 5.1.2600 Service Pack 2 16/12/2009 20:06:37 mbam-log-2009-12-16 (20-06-37).txt Scan type: Snelle Scan Objecten gescand: 104670 Verstreken tijd: 12 minute(s), 6 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 1 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fy (Trojan.Agent) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) The Malwarebytes log... I'll post the HijackThis log after I have restarted the computer. Thanks in advance for the help!
---------- Post added at 21:18 ---------- Previous post was at 21:09 ---------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:17:25, on 16/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\calc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\QTTask.exe C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\BtUsrBdg.exe C:\WINDOWS\system32\BTSetBootKey.exe C:\Program Files\Grisoft\AVG Anti-Spyware
7.5\avgas.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice082.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control 
Panel\atiptaxx.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - 
C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lieven1992.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://delieven.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Apple Mobile Device - Apple, 
Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: fy - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice082.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 10893 bytes HijackThis log
  8. I was putting photos onto my PC and apparently a strange file came along with them: Rejoice082.exe. When I just search for it, it finds: REJOICE082.EXE-178BADDA.pf in C:\WINDOWS\Prefetch. HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:23:33, on 16/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\QTTask.exe C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe 
C:\WINDOWS\system32\BtUsrBdg.exe C:\WINDOWS\system32\BTSetBootKey.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\WISPTIS.EXE C:\WINDOWS\system32\calc.exe C:\Program Files\QuickTime\QuickTimePlayer.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice082.exe C:\WINDOWS\system32\dumprep.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\dwwin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - 
C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O15 - Trusted Zone: ...................... 
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: fy - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice082.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 11726 bytes
  9. None anymore, but how can I check that camera, the USB sticks and so on without infecting my PC?
  10. ComboFix 09-08-20.07 - pcs 21/08/2009 14:55.2.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.1022.499 [GMT 2:00] Gestart vanuit: c:\documents and settings\pcs\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\pcs\Bureaublad\CFScript.txt AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Nieuw herstelpunt werd aangemaakt FILE :: "C:\autorun.inf.tmp" "c:\windows\system32\GameMon.des" . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf.tmp c:\windows\system32\GameMon.des . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_npggsvc (((((((((((((((((((( Bestanden Gemaakt van 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))) . 2009-08-20 08:01 . 2009-08-20 08:12 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-08-19 22:48 . 2009-08-19 22:48 -------- d-----w- c:\documents and settings\pcs\Application Data\Malwarebytes 2009-08-19 22:48 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-19 22:48 . 2009-08-19 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-19 22:48 . 2009-08-19 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-19 22:48 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-19 18:33 . 2009-08-19 18:33 -------- d-----w- c:\program files\Trend Micro 2009-08-19 16:38 . 2009-08-19 16:38 -------- d-----w- c:\documents and settings\pcs\Application Data\Uniblue 2009-08-19 16:38 . 2009-07-06 04:09 2568216 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe 2009-08-19 16:38 . 
2009-08-19 16:38 -------- d-----w- c:\program files\Uniblue 2009-08-19 16:38 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe 2009-08-19 16:38 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll 2009-08-19 16:38 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll 2009-08-19 16:38 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll 2009-08-19 16:38 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll 2009-08-19 16:38 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe 2009-08-19 16:38 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe 2009-08-19 16:37 . 2009-08-19 16:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1} 2009-08-19 12:51 . 2009-08-19 12:51 64 ----a-w- c:\documents and settings\pcs\Application Data\Mozilla\Firefox\Profiles\jlcmk8a0.default\extensions\dvscontextmenuy@dvdvideosoft.com 2009-08-13 01:04 . 2009-08-13 01:04 -------- d-----w- c:\windows\ServicePackFiles 2009-08-12 10:29 . 2009-06-05 07:55 655872 ------w- c:\windows\system32\dllcache\mstscax.dll 2009-08-07 11:33 . 
2009-08-07 11:33 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-07 11:33 . 2009-08-07 11:33 -------- d-----w- c:\program files\MSBuild 2009-08-07 11:32 . 2009-08-07 11:32 -------- d-----w- c:\program files\Reference Assemblies 2009-08-07 11:32 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-07 11:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-07 11:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-07 11:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-07 11:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-07 11:32 . 2009-08-07 11:32 -------- d-----w- C:\44588f19e408fc1bfaf9fe6e8a 2009-08-07 11:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-07 11:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-07 11:25 . 2009-08-07 11:25 -------- d-----w- c:\program files\MSXML 6.0 2009-08-05 09:07 . 2009-08-05 09:07 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-28 21:59 . 2007-10-12 13:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll 2009-07-28 21:59 . 2007-10-02 07:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll 2009-07-28 21:59 . 2007-10-12 13:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll 2009-07-28 21:58 . 2009-07-28 21:59 -------- d--h--w- c:\windows\msdownld.tmp 2009-07-28 21:58 . 2009-07-28 21:58 -------- d-----w- c:\windows\Logs 2009-07-28 21:27 . 2009-07-28 21:27 -------- d-----w- c:\documents and settings\pcs\Local Settings\Application Data\DNA 2009-07-28 21:27 . 2009-08-21 13:09 -------- d-----w- c:\program files\DNA 2009-07-28 21:27 . 2009-08-21 13:09 -------- d-----w- c:\documents and settings\pcs\Application Data\DNA 2009-07-26 22:14 . 2009-07-26 22:14 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys 2009-07-26 22:13 . 
2009-07-26 22:13 32480 ----a-w- c:\windows\system32\Partizan.exe 2009-07-26 22:13 . 2009-07-26 22:13 24416 ----a-w- c:\windows\system32\drivers\regguard.sys 2009-07-26 22:10 . 2009-07-26 22:10 2 --shatr- c:\windows\winstart.bat 2009-07-26 22:09 . 2009-07-26 22:09 -------- d-----w- c:\program files\Greatis . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-21 13:05 . 2007-04-28 17:01 12 ----a-w- c:\windows\bthservsdp.dat 2009-08-19 12:51 . 2008-06-02 20:37 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-08-19 12:50 . 2008-06-02 20:37 -------- d-----w- c:\program files\DVDVideoSoft 2009-08-07 13:55 . 2005-11-09 14:18 82528 ----a-w- c:\documents and settings\pcs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-07 11:46 . 2004-09-08 11:27 585018 ----a-w- c:\windows\system32\perfh013.dat 2009-08-07 11:46 . 2004-09-08 11:27 126216 ----a-w- c:\windows\system32\perfc013.dat 2009-08-05 09:07 . 2004-08-04 08:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-27 21:57 . 2006-02-18 13:54 21840 ----atw- c:\windows\system32\SIntfNT.dll 2009-07-27 21:57 . 2006-02-18 13:54 17212 ----atw- c:\windows\system32\SIntf32.dll 2009-07-27 21:57 . 2006-02-18 13:54 12067 ----atw- c:\windows\system32\SIntf16.dll 2009-07-27 10:02 . 2005-09-16 23:44 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-25 17:03 . 2006-08-03 13:01 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory 2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-04 13:10 . 2009-01-18 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania 2009-07-04 13:07 . 2007-08-24 12:10 138512 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-07-04 13:07 . 2007-08-24 12:10 201440 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-06-29 16:01 . 
2004-08-04 08:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:01 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:01 . 2004-08-04 08:00 17408 ------w- c:\windows\system32\corpol.dll 2009-06-16 14:55 . 2004-08-04 08:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:55 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 11:33 . 2004-08-04 08:00 79872 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:26 . 2004-08-04 08:00 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:32 . 2004-08-04 08:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 18:10 . 2009-06-06 12:28 480688 ----a-w- c:\documents and settings\pcs\Application Data\ijjigame\ijjistarter2FxB.exe 2009-06-05 07:55 . 2004-08-04 08:00 655872 ----a-w- c:\windows\system32\mstscax.dll 2009-06-03 19:27 . 2004-08-04 08:00 1294848 ----a-w- c:\windows\system32\quartz.dll 2009-06-03 15:48 . 2009-06-05 18:09 779720 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PurpleBean.exe 2009-05-26 15:31 . 2009-06-05 18:07 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe . ((((((((((((((((((((((((((((( SnapShot@2009-08-20_08.39.19 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-21 13:07 . 2009-08-21 13:07 16384 c:\windows\Temp\Perflib_Perfdata_7a0.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-07-28 323392] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-08 339968] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816] "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592] "BTUSRBDG"="BtUsrBdg.exe" - c:\windows\system32\BtUsrBdg.exe [2003-11-05 53248] 
"BTSETBOOTKEY"="BTSetBootKey.exe" - c:\windows\system32\BTSetBootKey.exe [2003-04-15 36864] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Electronic Arts\\The Rise of the Witch-king\\game.dat"= "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\ijji\\ENGLISH\\u_gunz.exe"= "c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"= "c:\\Program Files\\TmNationsForever\\TmForever.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Sierra\\Empire Earth\\Empire Earth.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\AeriaGames\\WolfTeam\\Wolfteam.bin"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5725:TCP"= 5725:TCP:*:Disabled:SolidNetworkManager "5725:UDP"= 5725:UDP:*:Disabled:SolidNetworkManager "50088:TCP"= 50088:TCP:*:Disabled:SolidNetworkManager "50088:UDP"= 50088:UDP:*:Disabled:SolidNetworkManager R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [1/05/2006 16:43 19478] R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [1/05/2006 16:43 635012] R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [1/05/2006 16:43 431236] R3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [28/04/2007 14:19 57512] R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\BtKrnBdg.sys [28/04/2007 14:19 15876] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2007 22:08 112688] R3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys [28/04/2007 14:19 17792] S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [1/05/2006 16:43 64093] S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [4/10/2005 21:55 223232] S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\drivers\CSRBC01.sys [28/04/2007 14:19 24859] S3 dump_wmimmc;dump_wmimmc;\??\c:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys --> c:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys [?] 
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [17/05/2009 20:15 36608] S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [27/07/2009 0:14 34760] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [27/07/2009 0:13 24416] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [17/05/2009 20:15 90112] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [17/05/2009 20:15 14976] S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [17/05/2009 20:15 121856] S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys --> c:\windows\system32\XDva120.sys [?] . Inhoud van de 'Gedeelde Taken' map 2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: live.com\sofievdb.spaces FF - ProfilePath - c:\documents and settings\pcs\Application Data\Mozilla\Firefox\Profiles\jlcmk8a0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://nl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\documents and settings\pcs\Application Data\Mozilla\Firefox\Profiles\jlcmk8a0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-08-21 15:08 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?9?3?9??????? ???B?????????????H<C? ?????? scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-2593564199-182219391-2560684300-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(744) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2800) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\program files\HPQ\Shared\hpqwmi.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Voltooingstijd: 2009-08-21 15:18 - machine werd herstart ComboFix-quarantined-files.txt 2009-08-21 13:18 ComboFix2.txt 2009-08-20 08:44 Pre-Run: 21.219.450.880 bytes beschikbaar Post-Run: 21.101.109.248 bytes beschikbaar 265 --- E O F --- 2009-08-13 09:31 HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:21:33, on 21/08/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program 
Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\QTTask.exe C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\BtUsrBdg.exe C:\WINDOWS\system32\BTSetBootKey.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\DNA\btdna.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" 
/minimized O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O15 - Trusted Zone: http://sofievdb.spaces.live.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lieven1992.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://delieven.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 11137 bytes
  11. ComboFix 09-08-19.04 - pcs 20/08/2009 10:31.1.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.1022.532 [GMT 2:00] Gestart vanuit: c:\documents and settings\pcs\Bureaublad\ComboFix.exe AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\.MS32DLL.dll.vbs c:\program files\Win Stream plugin c:\program files\Win Stream plugin\tbhelper.dll c:\recycler\S-1-5-21-1644491937-725345543-1801674531-1003 c:\recycler\S-1-5-21-4008001444-1602043700-3566051786-1003 c:\windows\.MS32DLL.dll.vbs c:\windows\boot.ini
c:\windows\search_res.txt c:\windows\system\msvbvm60.dll . (((((((((((((((((((( Bestanden Gemaakt van 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))) . 2009-08-20 08:01 . 2009-08-20 08:12 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-08-19 22:48 . 2009-08-19 22:48 -------- d-----w- c:\documents and settings\pcs\Application Data\Malwarebytes 2009-08-19 22:48 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-19 22:48 . 2009-08-19 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-19 22:48 . 2009-08-19 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-19 22:48 . 
2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-19 18:33 . 2009-08-19 18:33 -------- d-----w- c:\program files\Trend Micro 2009-08-19 16:38 . 2009-08-19 16:38 -------- d-----w- c:\documents and settings\pcs\Application Data\Uniblue 2009-08-19 16:38 . 2009-07-06 04:09 2568216 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe 2009-08-19 16:38 . 2009-08-19 16:38 -------- d-----w- c:\program files\Uniblue 2009-08-19 16:38 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe 2009-08-19 16:38 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll 2009-08-19 16:38 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll 2009-08-19 16:38 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll 2009-08-19 16:38 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll 2009-08-19 16:38 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe 2009-08-19 16:38 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe 2009-08-19 16:37 . 
2009-08-19 16:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1} 2009-08-19 12:51 . 2009-08-19 12:51 64 ----a-w- c:\documents and settings\pcs\Application Data\Mozilla\Firefox\Profiles\jlcmk8a0.default\extensions\dvscontextmenuy@dvdvideosoft.com 2009-08-13 01:04 . 2009-08-13 01:04 -------- d-----w- c:\windows\ServicePackFiles 2009-08-12 10:29 . 2009-06-05 07:55 655872 ------w- c:\windows\system32\dllcache\mstscax.dll 2009-08-07 11:33 . 2009-08-07 11:33 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-07 11:33 . 2009-08-07 11:33 -------- d-----w- c:\program files\MSBuild 2009-08-07 11:32 . 2009-08-07 11:32 -------- d-----w- c:\program files\Reference Assemblies 2009-08-07 11:32 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-07 11:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-07 11:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-07 11:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-07 11:32 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-07 11:32 . 2009-08-07 11:32 -------- d-----w- C:\44588f19e408fc1bfaf9fe6e8a 2009-08-07 11:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-07 11:32 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-07 11:25 . 2009-08-07 11:25 -------- d-----w- c:\program files\MSXML 6.0 2009-08-05 09:07 . 2009-08-05 09:07 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-28 21:59 . 2007-10-12 13:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll 2009-07-28 21:59 . 2007-10-02 07:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll 2009-07-28 21:59 . 2007-10-12 13:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll 2009-07-28 21:58 . 
2009-07-28 21:59 -------- d--h--w- c:\windows\msdownld.tmp 2009-07-28 21:58 . 2009-07-28 21:58 -------- d-----w- c:\windows\Logs 2009-07-28 21:27 . 2009-07-28 21:27 -------- d-----w- c:\documents and settings\pcs\Local Settings\Application Data\DNA 2009-07-28 21:27 . 2009-08-20 08:38 -------- d-----w- c:\documents and settings\pcs\Application Data\DNA 2009-07-28 21:27 . 2009-08-20 08:18 -------- d-----w- c:\program files\DNA 2009-07-26 22:14 . 2009-07-26 22:14 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys 2009-07-26 22:13 . 2009-07-26 22:13 32480 ----a-w- c:\windows\system32\Partizan.exe 2009-07-26 22:13 . 2009-07-26 22:13 24416 ----a-w- c:\windows\system32\drivers\regguard.sys 2009-07-26 22:10 . 2009-07-26 22:10 2 --shatr- c:\windows\winstart.bat 2009-07-26 22:09 . 2009-07-26 22:09 -------- d-----w- c:\program files\Greatis . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-20 08:03 . 2007-04-28 17:01 12 ----a-w- c:\windows\bthservsdp.dat 2009-08-19 16:32 . 2009-08-19 16:32 150 --sh--w- C:\autorun.inf.tmp 2009-08-19 12:51 . 2008-06-02 20:37 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-08-19 12:50 . 2008-06-02 20:37 -------- d-----w- c:\program files\DVDVideoSoft 2009-08-07 13:55 . 2005-11-09 14:18 82528 ----a-w- c:\documents and settings\pcs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-07 11:46 . 2004-09-08 11:27 585018 ----a-w- c:\windows\system32\perfh013.dat 2009-08-07 11:46 . 2004-09-08 11:27 126216 ----a-w- c:\windows\system32\perfc013.dat 2009-08-05 09:07 . 2004-08-04 08:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-27 21:57 . 2006-02-18 13:54 21840 ----atw- c:\windows\system32\SIntfNT.dll 2009-07-27 21:57 . 2006-02-18 13:54 17212 ----atw- c:\windows\system32\SIntf32.dll 2009-07-27 21:57 . 2006-02-18 13:54 12067 ----atw- c:\windows\system32\SIntf16.dll 2009-07-27 10:02 . 
2005-09-16 23:44 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-25 17:03 . 2006-08-03 13:01 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory 2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-04 13:10 . 2009-01-18 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania 2009-07-04 13:07 . 2007-08-24 12:10 138512 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-07-04 13:07 . 2007-08-24 12:10 201440 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-06-29 16:01 . 2004-08-04 08:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:01 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:01 . 2004-08-04 08:00 17408 ------w- c:\windows\system32\corpol.dll 2009-06-16 14:55 . 2004-08-04 08:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:55 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 11:33 . 2004-08-04 08:00 79872 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:26 . 2004-08-04 08:00 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:32 . 2004-08-04 08:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 18:10 . 2009-06-06 12:28 480688 ----a-w- c:\documents and settings\pcs\Application Data\ijjigame\ijjistarter2FxB.exe 2009-06-05 07:55 . 2004-08-04 08:00 655872 ----a-w- c:\windows\system32\mstscax.dll 2009-06-03 19:27 . 2004-08-04 08:00 1294848 ----a-w- c:\windows\system32\quartz.dll 2009-06-03 15:48 . 2009-06-05 18:09 779720 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PurpleBean.exe 2009-05-26 15:31 . 2009-06-05 18:07 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-07-28 323392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-08 339968] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816] "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592] "BTUSRBDG"="BtUsrBdg.exe" - c:\windows\system32\BtUsrBdg.exe [2003-11-05 53248] "BTSETBOOTKEY"="BTSetBootKey.exe" - c:\windows\system32\BTSetBootKey.exe 
[2003-04-15 36864] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Electronic Arts\\The Rise of the Witch-king\\game.dat"= "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\ijji\\ENGLISH\\u_gunz.exe"= "c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"= "c:\\Program Files\\TmNationsForever\\TmForever.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Sierra\\Empire Earth\\Empire Earth.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\AeriaGames\\WolfTeam\\Wolfteam.bin"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5725:TCP"= 5725:TCP:*:Disabled:SolidNetworkManager 
"5725:UDP"= 5725:UDP:*:Disabled:SolidNetworkManager "50088:TCP"= 50088:TCP:*:Disabled:SolidNetworkManager "50088:UDP"= 50088:UDP:*:Disabled:SolidNetworkManager R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [1/05/2006 16:43 19478] R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [1/05/2006 16:43 635012] R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [1/05/2006 16:43 431236] R3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [28/04/2007 14:19 57512] R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\BtKrnBdg.sys [28/04/2007 14:19 15876] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2007 22:08 112688] R3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys [28/04/2007 14:19 17792] S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [1/05/2006 16:43 64093] S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [4/10/2005 21:55 223232] S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\drivers\CSRBC01.sys [28/04/2007 14:19 24859] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [17/05/2009 20:15 36608] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [27/07/2009 0:14 34760] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [27/07/2009 0:13 24416] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [17/05/2009 20:15 90112] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [17/05/2009 20:15 14976] S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [17/05/2009 20:15 121856] S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys --> c:\windows\system32\XDva120.sys [?] . 
Inhoud van de 'Gedeelde Taken' map 2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - ORPHANS VERWIJDERD - - - - HKLM-Run-CIO - c:\progra~1\chatit~1\che7e1~1.exe HKLM-Run-NPSStartup - (no file) SafeBoot-AVG Anti-Spyware Driver . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: live.com\sofievdb.spaces FF - ProfilePath - c:\documents and settings\pcs\Application Data\Mozilla\Firefox\Profiles\jlcmk8a0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://nl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\documents and settings\pcs\Application Data\Mozilla\Firefox\Profiles\jlcmk8a0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-08-20 10:38 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?9?3?9??????? ???B?????????????H<C? ?????? scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-2593564199-182219391-2560684300-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(740) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2009-08-20 10:44 ComboFix-quarantined-files.txt 2009-08-20 08:43 Pre-Run: 19.818.344.448 bytes beschikbaar Post-Run: 21.187.833.856 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 896 --- E O F --- 2009-08-13 09:31 HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:46:46, on 20/08/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe 
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\BtUsrBdg.exe C:\WINDOWS\system32\BTSetBootKey.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\DNA\btdna.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - 
HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O15 - Trusted Zone: http://sofievdb.spaces.live.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - 
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lieven1992.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://delieven.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 11093 bytes
  12. I just connect it to my PC with a cable, so it sees it as a sort of mass-storage thing.
  13. Malwarebytes' Anti-Malware 1.40 Database versie: 2659 Windows 5.1.2600 Service Pack 2 20/08/2009 1:02:44 mbam-log-2009-08-20 (01-02-44).txt Scan type: Snelle Scan Objecten gescand: 102284 Verstreken tijd: 9 minute(s), 45 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 18 Registerwaarden geïnfecteerd: 1 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 3 Bestanden geïnfecteerd: 13 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\leosrv.bvlt (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\leosrv.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{50415dd4-afbb-4543-b265-7bd75a607f03} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{779b9e97-275c-44f3-ae58-e84ece760924} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b3ea154b-8d5f-4f74-88ed-0b45e1729b02} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{62ea9201-8cc7-4199-ac30-7744f836322e} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{dcbf721a-11e3-4fb8-93d6-9ae46178d5b6} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e1b6ffbb-42b6-476c-821b-4a46c5eae3e1} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e2c96138-08a8-4945-aae6-0542e7ae0ff2} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ed7d3de-6dbe-4516-8712-01b1b64b7057} (Adware.SmartShopper) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{62ea9201-8cc7-4199-ac30-7744f836322e} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dcbf721a-11e3-4fb8-93d6-9ae46178d5b6} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MS32DLL (VBS.Godzilla) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: C:\Documents and Settings\pcs\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\pcs\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\autorun.pif (Malware.NSPack) -> Quarantined and deleted successfully. C:\WINDOWS\lsass.exe (Malware.NSPack) -> Quarantined and deleted successfully. C:\Documents and Settings\pcs\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully. 
C:\Documents and Settings\pcs\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\pcs\Application Data\RegistrySmart\Log\log_2007_03_26_15_37_29.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\pcs\Application Data\RegistrySmart\Log\log_2007_03_26_15_37_30.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Program Files\RegistrySmart\RegistrySmart.exe (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Program Files\RegistrySmart\Scheduler.exe (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\pcs\Favorieten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\pcs\Favorieten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\pcs\Favorieten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully. \.MS32DLL.dll.vbs (VBS.Godzilla) -> Quarantined and deleted successfully.
I'll edit later ^^ btw: How can I, for example, check a camera for viruses without infecting my PC?
hijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:11:34, on 20/08/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\QTTask.exe C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\BtUsrBdg.exe C:\WINDOWS\system32\BTSetBootKey.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Common 
Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\DNA\btdna.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: 
[hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CIO] c:\progra~1\chatit~1\che7e1~1.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini O4 - HKLM\..\Run: [MS32DLL] \.MS32DLL.dll.vbs O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] 
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O15 - Trusted Zone: http://sofievdb.spaces.live.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - 
http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lieven1992.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://delieven.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 12016 bytes