Ga naar inhoud

DavidClaes

Lid
  • Items

    42
  • Registratiedatum

  • Laatst bezocht

Berichten die geplaatst zijn door DavidClaes

  1. Malwarebytes' Anti-Malware 1.51.2.1300

    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Databaseversie: 8013

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 7.0.6002.18005

    24/10/2011 20:19:20

    mbam-log-2011-10-24 (20-19-20).txt

    Scantype: Snelle scan

    Objecten gescand: 177119

    Verstreken tijd: 5 minuut/minuten, 36 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 1

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 2

    Bestanden geïnfecteerd: 6

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Zentom System Guard (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    c:\Users\Özhan\AppData\Roaming\microsoft\Windows\start menu\Programs\zentom system guard (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.

    c:\sys920e.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:

    c:\Users\Özhan\AppData\Local\Temp\err.log15278815 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    c:\sys920e.bin\a6aa619422f.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

    c:\Users\Özhan\Desktop\zentom system guard.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.

    c:\Users\Özhan\AppData\Roaming\microsoft\internet explorer\quick launch\zentom system guard.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.

    c:\Users\Özhan\AppData\Roaming\microsoft\Windows\start menu\Programs\zentom system guard\zentom system guard.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.

    c:\Users\Özhan\AppData\Roaming\microsoft\Windows\start menu\Programs\zentom system guard\uninstall.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:01:04, on 24/10/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v7.00 (7.00.6002.18005)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\HP\HP Software Update\hpwuschd2.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

    C:\Program Files\PowerISO\PWRISOVM.EXE

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    C:\Program Files\Steam\Steam.exe

    C:\Program Files\Apoint2K\ApMsgFwd.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\Windows Live\Mail\wlmail.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Program Files\Safari\Safari.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

    O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

    O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

    O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

    O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

    O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup

    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_7c71e337\STacSV.exe

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 11308 bytes

  2. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 18:53:52, on 24/10/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v7.00 (7.00.6002.18005)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\PowerISO\PWRISOVM.EXE

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Apoint2K\ApMsgFwd.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\Windows Live\Mail\wlmail.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Program Files\Safari\Safari.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    R3 - URLSearchHook: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

    O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

    O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

    O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

    O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

    O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

    O4 - HKCU\..\Run: [senrmodk70.exe] "C:\Users\Özhan\AppData\Roaming\3F717AF4A56C76BF70C90961F76CFE58\senrmodk70.exe"

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Startup: Zentom System Guard.lnk = ?

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_7c71e337\STacSV.exe

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 10943 bytes

  3. Hallo allemaal,

    ik had voor het weekend zo een 80-90 GB vrij aan geheugen. In het weekend was ik thuis en zag ik in de map 'Computer' (weet het echter niet zeker) buiten mijn 2 harde schijven ook een 'link' staan naar de laptop van mijn broer. Ik probeerde eens te zien wat daarmee gedaan kon worden dus probeerde ik eens wat. Nu heb ik nog amper 7-8 GB vrij. Ik weet niet wat ik gedaan heb, of hoe, maar mijn geheugen is volzet met iets.

    Hoe maak ik dit ongedaan?

  4. ComboFix 11-05-12.04 - Özhan 13/05/2011 19:14:31.2.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3037.1733 [GMT 2:00]

    Gestart vanuit: c:\users\Özhan\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Özhan\Desktop\CFScript.txt

    AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Özhan\AppData\Local\{03897765-F225-413D-8FF7-552A83201771}

    c:\users\Özhan\AppData\Local\{058DA037-F348-4C86-B777-558FE3944D27}

    c:\users\Özhan\AppData\Local\{05F93685-2A93-4083-BA76-BB0EFBA24FD9}

    c:\users\Özhan\AppData\Local\{0724F91D-3102-431E-BC4B-5F9B92A09DB9}

    c:\users\Özhan\AppData\Local\{1C95AC7C-83F9-4734-8512-630CA766934E}

    c:\users\Özhan\AppData\Local\{20613654-3DA3-4F90-B6B7-DFD2DFFADA9E}

    c:\users\Özhan\AppData\Local\{2768199F-7E74-431A-81C0-2E25452519B7}

    c:\users\Özhan\AppData\Local\{3986008D-3730-4EED-85BC-466F4A4B74E5}

    c:\users\Özhan\AppData\Local\{3CB56B16-8198-41D0-A2C7-4A1D057AF863}

    c:\users\Özhan\AppData\Local\{3D263058-8233-4F24-B40C-6D1955C18104}

    c:\users\Özhan\AppData\Local\{3F555E11-9A5A-4E4E-8EB6-AC8D42DF5B2B}

    c:\users\Özhan\AppData\Local\{41CB89B8-5807-45FB-8459-2D0024B5A28C}

    c:\users\Özhan\AppData\Local\{432D6624-7B00-4230-99B9-68CA9002C7B9}

    c:\users\Özhan\AppData\Local\{53B4C300-0393-44C9-B099-C9A3CFEC76E0}

    c:\users\Özhan\AppData\Local\{551B8BBF-851F-42F9-816A-5A3F64B665B9}

    c:\users\Özhan\AppData\Local\{5C1124DE-5F0F-4BCE-BB44-E8A445C71285}

    c:\users\Özhan\AppData\Local\{677B3AC7-F0A4-47B3-987A-BBF108DE46A3}

    c:\users\Özhan\AppData\Local\{693BD419-070E-405C-AF9A-385E92D04AAC}

    c:\users\Özhan\AppData\Local\{6B165EDF-63A8-41DE-8A13-CD8B361836E4}

    c:\users\Özhan\AppData\Local\{6EB30799-E542-42A5-B760-0A26FA052FE5}

    c:\users\Özhan\AppData\Local\{77B24EB1-2BBE-4B7C-9586-CF4D3A73EE4C}

    c:\users\Özhan\AppData\Local\{79B10640-B1A3-43AD-A564-AD039A0D391E}

    c:\users\Özhan\AppData\Local\{7B459EF2-304A-4CC7-8A48-2E7144E3648F}

    c:\users\Özhan\AppData\Local\{7C5A024F-F9F3-4F20-BCD8-F3A269A11D42}

    c:\users\Özhan\AppData\Local\{8060D7DC-3224-48FD-A90C-363CEEDFC744}

    c:\users\Özhan\AppData\Local\{83A640E1-9C7E-4C17-A30F-BBDFBAEF066F}

    c:\users\Özhan\AppData\Local\{888C3697-017F-47B7-AC58-C2E0812EFCEA}

    c:\users\Özhan\AppData\Local\{90252519-E183-4B8E-B3CA-E86E8E9B6B92}

    c:\users\Özhan\AppData\Local\{95B76AC4-ED4B-4ADA-8576-B38E7617EB67}

    c:\users\Özhan\AppData\Local\{9E16AA0C-4DE1-4DB6-AB67-A6EA0FF7958D}

    c:\users\Özhan\AppData\Local\{AADA36C5-BCF0-4546-83AB-E7491F851DC3}

    c:\users\Özhan\AppData\Local\{B5DBECDD-9EB5-4DEC-B842-7BAF063C4AD4}

    c:\users\Özhan\AppData\Local\{C28A647A-C7A9-4B0A-8B59-01AB2D38C13D}

    c:\users\Özhan\AppData\Local\{CA0D6869-B0BB-4F21-B738-627975D9B495}

    c:\users\Özhan\AppData\Local\{CBEA1396-5D2D-4EDF-823F-1E196280BB3A}

    c:\users\Özhan\AppData\Local\{D5A0771F-B978-436C-9DFE-F540050979B3}

    c:\users\Özhan\AppData\Local\{D6E19451-3380-4872-A0CE-7513E73801F2}

    c:\users\Özhan\AppData\Local\{DB031B21-0CF7-4118-A511-49B674015424}

    c:\users\Özhan\AppData\Local\{DCB6226B-6694-4645-9C3D-1EA3CE9431EC}

    c:\users\Özhan\AppData\Local\{DDBA5139-04C5-4861-8C31-F4F05D6A4A29}

    c:\users\Özhan\AppData\Local\{E1287560-34C9-4570-995B-68C0C5196A20}

    c:\users\Özhan\AppData\Local\{E581C6B9-3D01-46F4-91D9-2B4E32898C14}

    c:\users\Özhan\AppData\Local\{E5863781-D501-4B8E-AC80-EC6CACD21EB4}

    c:\users\Özhan\AppData\Local\{F63CEAE5-DC09-4DAF-8408-07CF5551E100}

    c:\users\Özhan\AppData\Local\{FC3CEAAD-BC14-42DE-8C07-19F5C0397199}

    c:\users\Özhan\AppData\Local\{FDA3D47A-60CD-4748-A719-BC30A38F82A2}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-13 to 2011-05-13 ))))))))))))))))))))))))))))))

    .

    .

    2011-05-13 17:29 . 2011-05-13 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-05-13 08:02 . 2011-05-13 08:02 -------- d-----w- c:\users\Özhan\AppData\Local\{975E193F-5A2C-4ADF-ABB1-05564A48F449}

    2011-05-12 17:52 . 2011-05-12 17:52 -------- d-----w- c:\users\Özhan\AppData\Local\{195342DD-7A3C-4452-AE15-0B7C1FB3C4C2}

    2011-05-12 17:52 . 2011-05-12 17:52 -------- d-----w- c:\users\Özhan\AppData\Local\{14909596-8EEC-404F-8864-B7F74159993D}

    2011-05-11 20:41 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD6DC930-779A-4612-9C8A-25BB99BDDBBA}\mpengine.dll

    2011-05-10 21:53 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2011-04-27 13:30 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

    2011-04-27 13:30 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    2011-04-27 13:30 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-03-09 12:46 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2011-03-03 15:40 . 2011-04-27 13:30 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

    2011-03-03 15:40 . 2011-04-27 13:30 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

    2011-03-03 15:40 . 2011-04-27 13:30 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

    2011-03-03 15:40 . 2011-04-27 13:30 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

    2011-02-22 14:13 . 2011-03-24 07:16 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

    2011-02-22 13:33 . 2011-03-24 07:16 1068544 ----a-w- c:\windows\system32\DWrite.dll

    2011-02-22 13:33 . 2011-03-24 07:16 797696 ----a-w- c:\windows\system32\FntCache.dll

    2010-01-06 18:07 . 2010-08-23 21:03 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-11 2424192]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-11-17 258048]

    "DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-01-07 1148200]

    "TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-01-08 1316136]

    "CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-01-08 189736]

    "TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-08 206120]

    "UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]

    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]

    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]

    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-01-23 484408]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-21 483420]

    "snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]

    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]

    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-06 124240]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

    .

    c:\users\™zhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2010-11-26 10:19 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-06 66600]

    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-11-26 12872]

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-11-26 12872]

    S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.sys [2010-11-26 67656]

    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/13 08:16];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2009-01-07 23:19 87536]

    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

    S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2010-01-06 22816]

    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-01-06 70728]

    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-23 365952]

    S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-01-06 296320]

    S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-01-06 116096]

    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    ezSharedSvc

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

    uInternet Settings,ProxyOverride = <local>;*.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    FF - ProfilePath - c:\users\Özhan\AppData\Roaming\Mozilla\Firefox\Profiles\o3289nvn.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.khanacademy.org/

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    FF - user.js: network.cookie.cookieBehavior - 0

    FF - user.js: privacy.clearOnShutdown.cookies - false

    FF - user.js: security.warn_viewing_mixed - false

    FF - user.js: security.warn_viewing_mixed.show_once - false

    FF - user.js: security.warn_submit_insecure - false

    FF - user.js: security.warn_submit_insecure.show_once - false

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2011-05-13 19:29

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\S-1-5-21-2756444411-2769091417-4138663883-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    "??"=hex:de,7f,f6,fb,10,15,e1,b4,1d,d4,0e,51,58,48,ed,e7,78,15,33,f8,c2,14,8e,

    61,bc,40,13,fe,10,d7,29,6f,f3,8e,36,1d,78,b8,ea,0c,8b,ca,c2,d3,04,09,c2,ee,\

    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

    .

    Voltooingstijd: 2011-05-13 19:33:05

    ComboFix-quarantined-files.txt 2011-05-13 17:32

    ComboFix2.txt 2011-05-12 17:43

    .

    Pre-Run: 42.735.026.176 bytes beschikbaar

    Post-Run: 43.925.499.904 bytes beschikbaar

    .

    - - End Of File - - 9884534634D8D003208FFC8A84B0C858

  5. ComboFix 11-05-11.04 - Özhan 12/05/2011 19:16:19.1.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3037.1620 [GMT 2:00]

    Gestart vanuit: c:\users\Özhan\Desktop\ComboFix.exe

    AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-12 to 2011-05-12 ))))))))))))))))))))))))))))))

    .

    .

    2011-05-12 17:33 . 2011-05-12 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-05-11 21:43 . 2011-05-11 21:43 -------- d-----w- c:\users\Özhan\AppData\Local\{03897765-F225-413D-8FF7-552A83201771}

    2011-05-11 20:41 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD6DC930-779A-4612-9C8A-25BB99BDDBBA}\mpengine.dll

    2011-05-10 21:53 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2011-05-10 17:08 . 2011-05-10 17:08 -------- d--h--w- c:\users\Özhan\AppData\Local\{77B24EB1-2BBE-4B7C-9586-CF4D3A73EE4C}

    2011-05-09 16:28 . 2011-05-09 16:28 -------- d--h--w- c:\users\Özhan\AppData\Local\{CA0D6869-B0BB-4F21-B738-627975D9B495}

    2011-05-08 19:54 . 2011-05-08 19:54 -------- d--h--w- c:\users\Özhan\AppData\Local\{83A640E1-9C7E-4C17-A30F-BBDFBAEF066F}

    2011-05-07 06:22 . 2011-05-07 06:22 -------- d--h--w- c:\users\Özhan\AppData\Local\{B5DBECDD-9EB5-4DEC-B842-7BAF063C4AD4}

    2011-05-06 13:45 . 2011-05-06 13:45 -------- d--h--w- c:\users\Özhan\AppData\Local\{DDBA5139-04C5-4861-8C31-F4F05D6A4A29}

    2011-05-05 16:49 . 2011-05-05 16:50 -------- d--h--w- c:\users\Özhan\AppData\Local\{6B165EDF-63A8-41DE-8A13-CD8B361836E4}

    2011-05-04 19:16 . 2011-05-04 19:16 -------- d--h--w- c:\users\Özhan\AppData\Local\{677B3AC7-F0A4-47B3-987A-BBF108DE46A3}

    2011-05-04 18:40 . 2011-05-04 18:40 -------- d--h--w- c:\users\Özhan\AppData\Local\{888C3697-017F-47B7-AC58-C2E0812EFCEA}

    2011-05-04 06:22 . 2011-05-04 06:22 -------- d--h--w- c:\users\Özhan\AppData\Local\{7B459EF2-304A-4CC7-8A48-2E7144E3648F}

    2011-05-03 13:31 . 2011-05-03 13:31 -------- d--h--w- c:\users\Özhan\AppData\Local\{9E16AA0C-4DE1-4DB6-AB67-A6EA0FF7958D}

    2011-05-03 13:31 . 2011-05-03 13:31 -------- d--h--w- c:\users\Özhan\AppData\Local\{3F555E11-9A5A-4E4E-8EB6-AC8D42DF5B2B}

    2011-05-02 13:19 . 2011-05-02 13:19 -------- d--h--w- c:\users\Özhan\AppData\Local\{551B8BBF-851F-42F9-816A-5A3F64B665B9}

    2011-05-01 07:37 . 2011-05-01 07:37 -------- d--h--w- c:\users\Özhan\AppData\Local\{D6E19451-3380-4872-A0CE-7513E73801F2}

    2011-04-30 19:02 . 2011-04-30 19:02 -------- d--h--w- c:\users\Özhan\AppData\Local\{FC3CEAAD-BC14-42DE-8C07-19F5C0397199}

    2011-04-30 06:50 . 2011-04-30 06:50 -------- d--h--w- c:\users\Özhan\AppData\Local\{53B4C300-0393-44C9-B099-C9A3CFEC76E0}

    2011-04-30 06:32 . 2011-04-30 06:32 -------- d--h--w- c:\users\Özhan\AppData\Local\{2768199F-7E74-431A-81C0-2E25452519B7}

    2011-04-29 16:50 . 2011-04-29 16:50 -------- d--h--w- c:\users\Özhan\AppData\Local\{20613654-3DA3-4F90-B6B7-DFD2DFFADA9E}

    2011-04-28 18:11 . 2011-04-28 18:11 -------- d--h--w- c:\users\Özhan\AppData\Local\{F63CEAE5-DC09-4DAF-8408-07CF5551E100}

    2011-04-28 07:26 . 2011-04-28 07:26 -------- d--h--w- c:\users\Özhan\AppData\Local\{3986008D-3730-4EED-85BC-466F4A4B74E5}

    2011-04-27 13:30 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

    2011-04-27 13:30 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    2011-04-27 13:30 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

    2011-04-27 13:20 . 2011-04-27 13:21 -------- d--h--w- c:\users\Özhan\AppData\Local\{79B10640-B1A3-43AD-A564-AD039A0D391E}

    2011-04-26 13:57 . 2011-04-26 13:57 -------- d--h--w- c:\users\Özhan\AppData\Local\{5C1124DE-5F0F-4BCE-BB44-E8A445C71285}

    2011-04-26 08:04 . 2011-04-26 08:04 -------- d--h--w- c:\users\Özhan\AppData\Local\{3CB56B16-8198-41D0-A2C7-4A1D057AF863}

    2011-04-26 06:40 . 2011-04-26 06:40 -------- d--h--w- c:\users\Özhan\AppData\Local\{05F93685-2A93-4083-BA76-BB0EFBA24FD9}

    2011-04-25 20:42 . 2011-04-25 20:42 -------- d--h--w- c:\users\Özhan\AppData\Local\{95B76AC4-ED4B-4ADA-8576-B38E7617EB67}

    2011-04-25 07:38 . 2011-04-25 07:38 -------- d--h--w- c:\users\Özhan\AppData\Local\{DB031B21-0CF7-4118-A511-49B674015424}

    2011-04-24 10:45 . 2011-04-24 10:45 -------- d--h--w- c:\users\Özhan\AppData\Local\{E1287560-34C9-4570-995B-68C0C5196A20}

    2011-04-23 21:55 . 2011-04-23 21:56 -------- d--h--w- c:\users\Özhan\AppData\Local\{D5A0771F-B978-436C-9DFE-F540050979B3}

    2011-04-23 08:28 . 2011-04-23 08:29 -------- d--h--w- c:\users\Özhan\AppData\Local\{8060D7DC-3224-48FD-A90C-363CEEDFC744}

    2011-04-23 07:36 . 2011-04-23 07:36 -------- d--h--w- c:\users\Özhan\AppData\Local\{C28A647A-C7A9-4B0A-8B59-01AB2D38C13D}

    2011-04-22 14:57 . 2011-04-22 14:57 -------- d--h--w- c:\users\Özhan\AppData\Local\{E581C6B9-3D01-46F4-91D9-2B4E32898C14}

    2011-04-21 18:35 . 2011-04-21 18:35 -------- d--h--w- c:\users\Özhan\AppData\Local\{058DA037-F348-4C86-B777-558FE3944D27}

    2011-04-21 06:34 . 2011-04-21 06:34 -------- d--h--w- c:\users\Özhan\AppData\Local\{693BD419-070E-405C-AF9A-385E92D04AAC}

    2011-04-20 07:44 . 2011-04-20 07:44 -------- d--h--w- c:\users\Özhan\AppData\Local\{432D6624-7B00-4230-99B9-68CA9002C7B9}

    2011-04-20 07:43 . 2011-04-20 07:44 -------- d--h--w- c:\users\Özhan\AppData\Local\{DCB6226B-6694-4645-9C3D-1EA3CE9431EC}

    2011-04-19 10:43 . 2011-04-19 10:44 -------- d--h--w- c:\users\Özhan\AppData\Local\{0724F91D-3102-431E-BC4B-5F9B92A09DB9}

    2011-04-18 22:16 . 2011-04-18 22:16 -------- d--h--w- c:\users\Özhan\AppData\Local\{E5863781-D501-4B8E-AC80-EC6CACD21EB4}

    2011-04-18 22:16 . 2011-04-18 22:16 -------- d--h--w- c:\users\Özhan\AppData\Local\{AADA36C5-BCF0-4546-83AB-E7491F851DC3}

    2011-04-18 09:13 . 2011-04-18 09:13 -------- d--h--w- c:\users\Özhan\AppData\Local\{1C95AC7C-83F9-4734-8512-630CA766934E}

    2011-04-17 20:45 . 2011-04-17 20:45 -------- d--h--w- c:\users\Özhan\AppData\Local\{41CB89B8-5807-45FB-8459-2D0024B5A28C}

    2011-04-15 07:23 . 2011-04-15 07:23 -------- d--h--w- c:\users\Özhan\AppData\Local\{CBEA1396-5D2D-4EDF-823F-1E196280BB3A}

    2011-04-14 18:33 . 2011-04-14 18:33 -------- d--h--w- c:\users\Özhan\AppData\Local\{7C5A024F-F9F3-4F20-BCD8-F3A269A11D42}

    2011-04-14 06:21 . 2011-04-14 06:21 -------- d--h--w- c:\users\Özhan\AppData\Local\{FDA3D47A-60CD-4748-A719-BC30A38F82A2}

    2011-04-14 06:18 . 2011-04-14 06:21 -------- d--h--w- c:\users\Özhan\AppData\Local\{3D263058-8233-4F24-B40C-6D1955C18104}

    2011-04-13 13:03 . 2011-04-13 13:03 -------- d--h--w- c:\users\Özhan\AppData\Local\{6EB30799-E542-42A5-B760-0A26FA052FE5}

    2011-04-13 13:02 . 2011-04-13 13:02 -------- d--h--w- c:\users\Özhan\AppData\Local\{90252519-E183-4B8E-B3CA-E86E8E9B6B92}

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-03-09 12:46 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2011-03-03 15:40 . 2011-04-27 13:30 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

    2011-03-03 15:40 . 2011-04-27 13:30 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

    2011-03-03 15:40 . 2011-04-27 13:30 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

    2011-03-03 15:40 . 2011-04-27 13:30 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

    2011-02-22 14:13 . 2011-03-24 07:16 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

    2011-02-22 13:33 . 2011-03-24 07:16 1068544 ----a-w- c:\windows\system32\DWrite.dll

    2011-02-22 13:33 . 2011-03-24 07:16 797696 ----a-w- c:\windows\system32\FntCache.dll

    2010-01-06 18:07 . 2010-08-23 21:03 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-11 2424192]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-11-17 258048]

    "DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-01-07 1148200]

    "TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-01-08 1316136]

    "CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-01-08 189736]

    "TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-08 206120]

    "UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]

    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]

    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]

    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-01-23 484408]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-21 483420]

    "snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]

    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]

    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-06 124240]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

    .

    c:\users\™zhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2010-11-26 10:19 548352 ---ha-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-06 66600]

    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-11-26 12872]

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-11-26 12872]

    S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.sys [2010-11-26 67656]

    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/13 08:16];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2009-01-07 23:19 87536]

    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

    S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2010-01-06 22816]

    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-01-06 70728]

    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-23 365952]

    S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-01-06 296320]

    S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-01-06 116096]

    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    ezSharedSvc

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

    uInternet Settings,ProxyOverride = <local>;*.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    FF - ProfilePath - c:\users\Özhan\AppData\Roaming\Mozilla\Firefox\Profiles\o3289nvn.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.khanacademy.org/

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    FF - user.js: network.cookie.cookieBehavior - 0

    FF - user.js: privacy.clearOnShutdown.cookies - false

    FF - user.js: security.warn_viewing_mixed - false

    FF - user.js: security.warn_viewing_mixed.show_once - false

    FF - user.js: security.warn_submit_insecure - false

    FF - user.js: security.warn_submit_insecure.show_once - false

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2011-05-12 19:34

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\S-1-5-21-2756444411-2769091417-4138663883-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    "??"=hex:de,7f,f6,fb,10,15,e1,b4,1d,d4,0e,51,58,48,ed,e7,78,15,33,f8,c2,14,8e,

    61,bc,40,13,fe,10,d7,29,6f,f3,8e,36,1d,78,b8,ea,0c,8b,ca,c2,d3,04,09,c2,ee,\

    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

    .

    Voltooingstijd: 2011-05-12 19:43:00

    ComboFix-quarantined-files.txt 2011-05-12 17:42

    .

    Pre-Run: 42.860.552.192 bytes beschikbaar

    Post-Run: 43.488.018.432 bytes beschikbaar

    .

    - - End Of File - - 29A321C46A672EF9F808655995C5A8B3

  6. De PC is nu alvast trug snel (het ging geïnfecteerd verschrikkelijk trager).

    Ik ben echter precies mijn snelstartmenu (zie nr 2 op onderstaande afbeelding) en mijn start-programma's (nr 1) kwijt.

    naamloospx.jpg

    Verder ben ik precies alles kwijt wat in mijn persoonlijke map stond. Ik vind er niets van terug door klikkend te zoeken. Met de zoekfunctie kan ik echter wel bestanden opzoeken en ze ook daadwerkelijk openen. Ze zijn in ieder geval niet weg, aangezien mijn beschikbaar geheugen niet vermeerderd is, dus ze staan ERGENS, maar ik weet niet waar..

    Malwarebytes' Anti-Malware 1.50.1.1100

    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Databaseversie: 6557

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 7.0.6002.18005

    11/05/2011 23:23:53

    mbam-log-2011-05-11 (23-23-53).txt

    Scantype: Snelle scan

    Objecten gescand: 154649

    Verstreken tijd: 7 minuut/minuten, 45 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 2

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 1

    Bestanden geïnfecteerd: 8

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    HKEY_CURRENT_USER\SOFTWARE\XA5RJ9EADJ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    c:\Users\Özhan\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:

    c:\programdata\40886008.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    c:\programdata\trwkcwhfgpmgtx.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.

    c:\Users\Özhan\AppData\Local\Temp\tmpFEDC.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.

    c:\Users\Özhan\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

    c:\Users\Özhan\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

    c:\Users\Özhan\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

    c:\Users\Public\documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

    c:\Users\Public\documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:39:24, on 11/05/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v7.00 (7.00.6002.18005)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\HP\HP Software Update\hpwuschd2.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Apoint2K\ApMsgFwd.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Program Files\Safari\Safari.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

    O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

    O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

    O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

    O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

    O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_7c71e337\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 11685 bytes

  7. Dag allemaal,

    Ik kreeg een foutmelding dat mijn harde schijf iets voorhad maar het is volgens mij een virus/spyware.

    Ik heb geen enkel toegang meer tot mijn eigen map, mijn bureaublad is plots veranderd en ik heb geen snelkoppelinen, geen snelstartmenu meer...

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:48:08, on 10/05/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v7.00 (7.00.6002.18005)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\HP\HP Software Update\hpwuschd2.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\ehome\ehtray.exe

    C:\Windows\system32\Taskmgr.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Safari\Safari.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

    O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

    O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

    O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

    O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

    O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: [trwKcwHFGPMgtX] C:\ProgramData\trwKcwHFGPMgtX.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_7c71e337\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 11654 bytes

    --

    End of file - 10418 bytes

  8. Voila, dat is ook gebeurd. Nee ik zou niet eens weten waar AOL voor staat.. Dus is het verwijderd!

    Buiten de snelle opwarming van de laptop heb ik geen enkel probleem.

    Nog een vraagje: Ik heb nu volgende programma's op mijn laptop staan

    - McAfee (via de KUL kunnen we deze gratis installeren)

    - SUPERantispyware Free Edition (redelijk goed programma vind ik)

    - MBAM (best op laten denk ik zo)

    - HiJackThis (ook best op laten)

    - CCleaner (Gebruik ik amper)

    Zijn deze goed of zou ik bepaalde programma's beter kunnen vervangen?

  9. Nee ik ken het programma ook niet, dus heb ik het verwijderd.

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 9:46:04, on 22/04/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v7.00 (7.00.6002.18005)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\HP\HP Software Update\hpwuschd2.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Apoint2K\ApMsgFwd.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\Safari\Safari.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

    O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

    O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

    O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

    O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

    O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_7c71e337\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 12176 bytes

    MBAM:

    Malwarebytes' Anti-Malware 1.46

    Malwarebytes

    Databaseversie: 4343

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 7.0.6002.18005

    22/04/2011 9:37:44

    mbam-log-2011-04-22 (09-37-44).txt

    Scantype: Snelle scan

    Objecten gescand: 138548

    Verstreken tijd: 14 minuut/minuten, 50 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    C:\Users\Özhan\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

  10. HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 9:41:49, on 22-4-2011

    Platform: Windows Vista (WinNT 6.00.1904)

    MSIE: Internet Explorer v8.00 (8.00.6001.18904)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Belgacom\bin\sprtcmd.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\Pixart\Pac7302\Monitor.exe

    C:\Windows\Pixart\Pac7302\PACTray.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

    O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe

    O4 - HKLM\..\Run: [PACTray] C:\Windows\Pixart\PAC7302\PACTray.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

    O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

    O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

    --

    End of file - 7565 bytes

    MBAM:

    Malwarebytes' Anti-Malware 1.50.1.1100

    Malwarebytes

    Databaseversie: 6417

    Windows 6.0.6000

    Internet Explorer 8.0.6001.18904

    22-4-2011 9:32:18

    mbam-log-2011-04-22 (09-32-18).txt

    Scantype: Snelle scan

    Objecten gescand: 146491

    Verstreken tijd: 7 minuut/minuten, 42 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 2

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 2

    Bestanden geïnfecteerd: 19

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    c:\Users\ersin zurel\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\antivirus antispyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:

    c:\Windows\Temp\tmp00000001ab4c2186ee4a2182 (Trojan.Dropper) -> Quarantined and deleted successfully.

    c:\Windows\Temp\tmp0000000bf4da2807660ea0ca (Trojan.Dropper) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\local settings\temporary internet files\Content.IE5\MXM0VRVS\dogsex01.avi[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011\help antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011\activate antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011\how to activate antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\microsoft\internet explorer\quick launch\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\antivirus antispyware 2011\antivirus antispyware.exe (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\antivirus antispyware 2011\securitymanager.exe (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Local\Temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Local\Temp\w32rim_mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Local\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Local\Temp\dffuck.exe (Malware.Trace) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\antivirus antispyware 2011\icoactivate.ico (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\antivirus antispyware 2011\IcoHelp.ico (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\antivirus antispyware 2011\icouninstall.ico (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    c:\Users\ersin zurel\AppData\Roaming\antivirus antispyware 2011\securityhelper.exe (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

    De Ask Toolbar heb ik ook verwijderd.

  11. Ah hier heb ik dus niet via administrator de HiJackThis gedaan, het volgende klopt wel:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:28:23, on 21/04/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v7.00 (7.00.6002.18005)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\HP\HP Software Update\hpwuschd2.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Apoint2K\ApMsgFwd.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Windows\system32\conime.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files\Safari\Safari.exe

    C:\Program Files\Safari\Safari.exe

    C:\Program Files\Windows Media Player\wmplayer.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

    O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

    O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

    O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

    O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

    O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: [{6A086409-987C-5AFF-BC0B-D4CA9655864A}] C:\Users\Özhan\AppData\Roaming\Iqacir\yqni.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_7c71e337\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 12426 bytes

    Mijn laptop is nog geen jaar oud, het us een HP Pavilion dv2. Het is wel 2 maand geleden terug opgestuurd geweest omdat de ventilator ratelde. Dit was hersteld en het werkt op zich wel terug goed nu.

  12. Ben je er in geslaagd om HijackThis uit te voeren als administrator ?...

    Mijn excuses =)

    Dit is het juiste:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:26:53, on 21-4-2011

    Platform: Windows Vista (WinNT 6.00.1904)

    MSIE: Internet Explorer v8.00 (8.00.6001.18904)

    Boot mode: Normal

    Running processes:

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\winlogon.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\Hpservice.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\LSI SoftModem\agrsmsvc.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Belgacom\bin\sprtsvc.exe

    C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

    O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe

    O4 - HKLM\..\Run: [PACTray] C:\Windows\Pixart\PAC7302\PACTray.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [AntiVirus AntiSpyware 2011] "C:\Users\Ersin Zurel\AppData\Roaming\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe" /STARTUP

    O4 - HKCU\..\Run: [AntiVirus AntiSpyware 2011 Security] C:\Users\Ersin Zurel\AppData\Roaming\AntiVirus AntiSpyware 2011\securitymanager.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe

    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

    O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

    --

    End of file - 10195 bytes

  13. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:39:04, on 21/04/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v7.00 (7.00.6002.18005)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

    C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\HP\HP Software Update\hpwuschd2.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Windows\system32\conime.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files\Safari\Safari.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

    O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

    O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

    O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

    O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

    O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: [{6A086409-987C-5AFF-BC0B-D4CA9655864A}] C:\Users\Özhan\AppData\Roaming\Iqacir\yqni.exe

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_7c71e337\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 11804 bytes

  14. Allereerst krijg ik deze melding :

    meldingac.jpg

    Uploaded with ImageShack.us

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:35:03, on 21-4-2011

    Platform: Windows Vista (WinNT 6.00.1904)

    MSIE: Internet Explorer v8.00 (8.00.6001.18904)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

    O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe

    O4 - HKLM\..\Run: [PACTray] C:\Windows\Pixart\PAC7302\PACTray.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [AntiVirus AntiSpyware 2011] "C:\Users\Ersin Zurel\AppData\Roaming\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe" /STARTUP

    O4 - HKCU\..\Run: [AntiVirus AntiSpyware 2011 Security] C:\Users\Ersin Zurel\AppData\Roaming\AntiVirus AntiSpyware 2011\securitymanager.exe

    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe

    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

    O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

    --

    End of file - 8291 bytes

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.