_help_

Het bestand is verwijderd en alles lijkt in orde te zijn. Mag de discussie gemarkeerd worden als OPGELOST?

Hier is het gevraagde logje: ComboFix 11-04-01.01 - Ruben 02/04/2011 19:12:50.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2039.1435 [GMT 2:00] Gestart vanuit: c:\documents and settings\Ruben\Bureaublad\ComboFix.exe AV: avast! antivirus 4.8.1351 [VPS 100831-1] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Ruben\Application Data\completescan c:\documents and settings\Ruben\Application Data\install c:\documents and settings\Ruben\Application Data\PriceGong c:\documents and settings\Ruben\Application Data\PriceGong\Data\1.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\a.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\b.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\c.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\d.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\e.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\f.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\g.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\h.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\i.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\J.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\k.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\l.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\m.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\n.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\o.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\p.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\q.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\r.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\s.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\t.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\u.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\v.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\w.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\x.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\y.xml c:\documents and settings\Ruben\Application Data\PriceGong\Data\z.xml c:\oddballz.fir\ODDBALLZ.exe c:\windows\system32\ms.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))) . . 2011-04-02 15:57 . 2011-04-02 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2011-04-01 19:12 . 2011-04-01 19:13 -------- d-----w- c:\windows\system32\NtmsData 2011-03-27 14:44 . 2011-04-02 15:09 -------- d-----w- c:\program files\Common Files\Akamai 2011-03-19 16:27 . 2011-03-19 16:27 -------- d-----w- c:\program files\Kill3rCombo 2011-03-16 20:00 . 2011-03-16 20:00 -------- d-----w- c:\documents and settings\Ruben\Application Data\ProgSense 2011-03-16 20:00 . 2011-03-16 20:00 -------- d-----w- c:\program files\Orbitdownloader 2011-03-16 13:35 . 2011-03-16 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-03-16 13:32 . 2011-03-16 13:32 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2011-03-16 13:30 . 2011-03-16 19:57 -------- d-----w- c:\documents and settings\Ruben\Local Settings\Application Data\FLVService 2011-03-16 13:30 . 2011-03-16 13:30 -------- d-----w- c:\windows\Freecorder 2011-03-12 12:22 . 2011-03-12 12:22 84718440 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc20.tmp . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-09 13:54 . 2007-10-29 12:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:54 . 2007-10-29 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58 . 2008-04-25 18:21 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2008-04-25 18:21 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2007-10-29 12:00 441344 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-15 11:17 . 2011-01-15 11:17 1512960 ----a-w- c:\windows\MachineCore.dll 2011-01-07 14:09 . 2007-10-29 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-07 39408] "ISPMonitor"="c:\program files\ISP Monitor\isp.exe" [2010-02-28 423536] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-01 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-01 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-01 138008] "RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-14 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-07 122880] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2009-02-09 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Registratiesoftware starten.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2010-5-2 1175552] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\Ruben\\Bureaublad\\Touhou\\THF\\TH09 ~ Phantasmagoria of Flower View\\kaei\\th09e.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"= "c:\\Ntreev\\Grand Chase\\main.exe"= "c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Kill3rCombo\\Elsword\\data\\x2.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "58234:TCP"= 58234:TCP:Pando Media Booster "58234:UDP"= 58234:UDP:Pando Media Booster "57664:TCP"= 57664:TCP:Pando Media Booster "57664:UDP"= 57664:UDP:Pando Media Booster "3702:TCP"= 3702:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [25/04/2008 20:45 39680] R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [25/04/2008 20:45 35712] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/09/2009 20:36 207280] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/04/2008 21:54 114768] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [29/10/2007 14:00 14336] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/04/2008 21:54 20560] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [24/02/2010 17:47 198608] R2 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [16/01/2010 20:18 36864] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 14:48 70768] R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 13:31 539248] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/12/2010 21:56 136176] S3 dump_wmimmc;dump_wmimmc;\??\c:\ntreev\grand chase\GameGuard\dump_wmimmc.sys --> c:\ntreev\grand chase\GameGuard\dump_wmimmc.sys [?] S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/09/2009 20:36 365280] S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?] S4 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/09/2009 20:36 233136] S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/09/2009 20:36 70408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 19:56] . 2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 19:56] . 2010-09-15 c:\windows\Tasks\Install.job - c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-09-14 18:19] . 2011-04-02 c:\windows\Tasks\ParetoLogic Registration3.job - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01] . 2011-01-14 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01] . 2011-01-14 c:\windows\Tasks\PC Health Advisor Defrag.job - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40] . 2011-01-14 c:\windows\Tasks\PC Health Advisor.job - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll FF - ProfilePath - c:\documents and settings\Ruben\Application Data\Mozilla\Firefox\Profiles\slmxzgzt.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\Spyware Doctor\BDT\FireFox FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Platinum Hide IP: support@platinumhideip.com - %profile%\extensions\support@platinumhideip.com . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-04-02 19:16 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1088) c:\windows\system32\igfxdev.dll . Voltooingstijd: 2011-04-02 19:18:03 ComboFix-quarantined-files.txt 2011-04-02 17:18 ComboFix2.txt 2010-12-28 10:29 . Pre-Run: 26.729.328.640 bytes beschikbaar Post-Run: 28.324.208.640 bytes beschikbaar . Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 48B755044F586724C53A24B34C8D9767

Umm... ik heb met MBAM een snelle scan gedaan en het heeft een paar virussen verwijderd en nu kan ik weer op internet en andere functies gebruiken. Ik zal hier de HJT en MBAM log van voor de verwijdering en daarna een recentere HJT: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:59:53, on 2/04/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Documents and Settings\Ruben\Application Data\gog.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\ISP Monitor\ISPMonitorSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\O2Micro Oz128 Driver\o2flash.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\WINDOWS\system32\vmnat.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ISP Monitor\isp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [iSPMonitor] C:\Program Files\ISP Monitor\isp.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Registratiesoftware starten.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209153871546 O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe -- End of file - 12419 bytes Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 5403 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 27/12/2010 18:26:20 mbam-log-2010-12-27 (18-26-20).txt Scantype: Snelle scan Objecten gescand: 149632 Verstreken tijd: 5 minuut/minuten, 49 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 4 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 4 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AtapiDrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AtapiDrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: c:\documents and settings\Ruben\application data\personal internet security 2011 (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: c:\documents and settings\Ruben\application data\microsoft\internet explorer\quick launch\personal internet security 2011.lnk (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully. c:\documents and settings\Ruben\application data\personal internet security 2011\cookies.sqlite (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully. c:\documents and settings\Ruben\application data\personal internet security 2011\instructions.ini (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully. c:\windows\system32\drivers\atapidrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:17:33, on 2/04/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ISP Monitor\isp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\ISP Monitor\ISPMonitorSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\O2Micro Oz128 Driver\o2flash.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\WINDOWS\system32\vmnat.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [iSPMonitor] C:\Program Files\ISP Monitor\isp.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Registratiesoftware starten.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209153871546 O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe -- End of file - 12396 bytes

Mijn computer is geinfecteerd geraakt met een virus. Wanneer ik opstart (normaal of veilige modus) dan komt er een pop-up van een programma 'fixit' die zegt dat de computer geifecteerd is en 'beschermt het(?)' (ik weet eigenlijk niet hoe ik er aan kom) een paar functies kunnen niet worden herstelt behalve als ik het programma koop. Ik kan het programma niet sluiten en systeemherstel, internet explorer werken niet (er komt een pop-up van fixit die zegt dat het voor beveiligingsredenen wordt geblokeerd en erge gevolgen zou hebben voor mijn PC). Volgens wat ik las of fixit waren de functies die de gratis programma niet kon herstellen juist IE en systeemherstel (en ik denk nog wat andere ook). Ik kan met mijn PC niet op internet maar gelukkig staag HJT en malwarebytes (weet de naam niet op dit moment correct) erop. Nu zit ik op een andere PC (niet de mijne) dus ik vroeg me af of het veilig is om het logje op USB te zetten zonder dat de stick deze comp besmet of dat ik anders het moet over typen. Dank je.

Ik heb erna alles wat normaal fout loopt weer uitgeprobeerd en alles is prima in orde. Het internet werkt weer snel en explorer.exe crasht niet meer en systeemherstel kan zo te zien weer opstarten. Dus alles is weer in orde, bedankt voor de hulp en snelle reacties

Hier is het logbestand: ComboFix 10-12-26.01 - Ruben 28/12/2010 11:19:19.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2039.1485 [GMT 1:00] Gestart vanuit: c:\documents and settings\Ruben\Bureaublad\ComboFix.exe AV: avast! antivirus 4.8.1351 [VPS 100831-1] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\14c612 c:\documents and settings\All Users\Application Data\14c612\14c6126cc3d92e33eadf87c20892acc4.ocx c:\documents and settings\All Users\Application Data\14c612\4126.mof c:\documents and settings\All Users\Application Data\14c612\mozcrt19.dll c:\documents and settings\All Users\Application Data\14c612\PI14c_231.exe c:\documents and settings\All Users\Application Data\14c612\PIS.ico c:\documents and settings\All Users\Application Data\14c612\sqlite3.dll c:\documents and settings\All Users\Application Data\14c612\w6d3lsse7tm9gbu8z6afggbky2p45e7wg.dll c:\documents and settings\Ruben\Onlangs geopend\cid.sys c:\documents and settings\Ruben\Onlangs geopend\eb.dll c:\documents and settings\Ruben\Onlangs geopend\sld.exe c:\documents and settings\Ruben\Onlangs geopend\sld.tmp c:\windows\system32\drivers\hwinterface.sys X:\install.exe Besmet exemplaar van c:\windows\system32\winlogon.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\winlogon.exe Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\explorer.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ATAPIDRV -------\Service_AtapiDrv -------\Legacy_hwinterface -------\Service_hwinterface (((((((((((((((((((( Bestanden Gemaakt van 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))) . 2010-12-27 16:44 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-27 16:44 . 2010-12-27 16:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-27 16:44 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-27 16:33 . 2010-12-27 16:33 -------- d-----w- c:\documents and settings\Ruben\Application Data\Malwarebytes 2010-12-27 16:33 . 2010-12-27 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-12-27 13:47 . 2010-12-27 13:47 388096 ----a-r- c:\documents and settings\Ruben\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-12-27 13:47 . 2010-12-27 13:47 -------- d-----w- c:\program files\Trend Micro 2010-12-26 16:21 . 2010-12-26 16:21 0 ----a-w- c:\documents and settings\Ruben\TempWmicBatchFile.bat 2010-12-26 16:13 . 2010-12-26 16:13 -------- d-sh--w- c:\documents and settings\All Users\Application Data\PIXVAYNXNS 2010-12-20 14:32 . 2010-12-20 14:36 -------- d-----w- c:\program files\Sandboxie 2010-12-17 11:54 . 2010-11-11 12:48 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe 2010-12-17 11:54 . 2010-11-11 12:48 404080 ----a-w- c:\windows\system32\vmnat.exe 2010-12-17 11:54 . 2010-11-11 12:46 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2010-12-17 11:54 . 2010-11-11 12:47 760432 ----a-w- c:\windows\system32\vnetlib.dll 2010-12-17 11:53 . 2010-11-11 12:47 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys 2010-12-17 11:53 . 2010-12-28 10:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware 2010-12-17 11:52 . 2010-12-17 11:52 -------- d-----w- c:\program files\Common Files\VMware 2010-12-15 12:09 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-15 12:07 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe 2010-12-11 17:15 . 2010-12-11 17:15 -------- d-----w- c:\windows\system32\wbem\Repository 2010-12-11 16:52 . 2010-12-11 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\bPgKm05700 2010-12-10 19:15 . 2010-12-10 19:15 -------- d-----w- c:\documents and settings\Ruben\Application Data\Tor 2010-12-10 19:15 . 2010-12-11 17:13 -------- d-----w- c:\documents and settings\Ruben\Application Data\Vidalia 2010-12-10 19:15 . 2010-12-11 17:13 -------- d-----w- c:\program files\Vidalia Bundle 2010-12-10 19:11 . 2010-12-11 17:13 -------- d-----w- c:\program files\ProxyFirewall 2010-12-04 16:00 . 2010-12-18 12:50 -------- d-----w- c:\documents and settings\Ruben\Local Settings\Application Data\VMware 2010-12-04 16:00 . 2010-12-18 12:50 -------- d-----w- c:\documents and settings\Ruben\Application Data\VMware 2010-12-04 15:47 . 2010-12-28 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware 2010-12-04 15:47 . 2010-12-04 15:47 -------- d-----w- c:\program files\VMware 2010-12-02 17:40 . 2010-12-02 17:40 -------- d-----w- c:\program files\Easy GIF Animator . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-18 18:15 . 2008-04-25 18:23 86016 ----a-w- c:\windows\system32\isign32.dll 2010-11-11 12:48 . 2010-11-11 12:48 70768 ----a-w- c:\windows\system32\drivers\vmci.sys 2010-11-11 12:48 . 2010-11-11 12:48 854128 ----a-w- c:\windows\system32\drivers\vmx86.sys 2010-11-11 12:46 . 2010-11-11 12:46 51312 ----a-w- c:\windows\system32\vmnetbridge.dll 2010-11-11 12:46 . 2010-11-11 12:46 32752 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys 2010-11-11 11:31 . 2010-11-11 11:31 32368 ----a-w- c:\windows\system32\drivers\hcmon.sys 2010-11-11 11:04 . 2010-11-11 11:04 252528 ----a-w- c:\windows\system32\vmnc.dll 2010-11-11 09:04 . 2010-11-11 09:04 59952 ----a-w- c:\windows\system32\vnetinst.dll 2010-11-11 09:04 . 2010-11-11 09:04 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys 2010-11-11 09:04 . 2010-11-11 09:04 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys 2010-11-06 00:23 . 2007-10-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:23 . 2007-10-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:23 . 2007-10-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:27 . 2007-10-29 12:00 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2007-10-29 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-28 13:09 . 2007-10-29 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 14:00 . 2007-10-29 12:00 1853440 ----a-w- c:\windows\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Google Update"="c:\documents and settings\Ruben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-02 133104] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-07 39408] "ISPMonitor"="c:\program files\ISP Monitor\isp.exe" [2010-02-28 423536] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-01 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-01 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-01 138008] "RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-14 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-07 122880] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2009-02-09 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] c:\documents and settings\Ruben\Menu Start\Programma's\Opstarten\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Registratiesoftware starten.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2010-5-2 1175552] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Documents and Settings\\Ruben\\Bureaublad\\Touhou\\THF\\TH09 ~ Phantasmagoria of Flower View\\kaei\\th09e.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Ntreev\\Grand Chase\\main.exe"= "c:\\Program Files\\BitTorrent\\BitTorrent.exe"= "c:\\Level Up Games\\Grand Chase\\main.exe"= "c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "58234:TCP"= 58234:TCP:Pando Media Booster "58234:UDP"= 58234:UDP:Pando Media Booster R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [25/04/2008 19:45 39680] R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [25/04/2008 19:45 35712] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/09/2009 19:36 207280] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/04/2008 20:54 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/04/2008 20:54 20560] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [24/02/2010 16:47 198608] R2 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [16/01/2010 19:18 36864] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 13:48 70768] R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 12:31 539248] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/12/2010 20:56 136176] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/09/2009 19:36 365280] S4 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/09/2009 19:36 233136] S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/09/2009 19:36 70408] . Inhoud van de 'Gedeelde Taken' map 2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 19:56] 2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 19:56] 2010-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-651377827-725345543-1003Core.job - c:\documents and settings\Ruben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-02 09:42] 2010-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-651377827-725345543-1003UA.job - c:\documents and settings\Ruben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-02 09:42] 2010-09-15 c:\windows\Tasks\Install.job - c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-09-14 18:19] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll FF - ProfilePath - c:\documents and settings\Ruben\Application Data\Mozilla\Firefox\Profiles\slmxzgzt.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\Spyware Doctor\BDT\FireFox FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Platinum Hide IP: support@platinumhideip.com - %profile%\extensions\support@platinumhideip.com . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-userini - c:\windows\explorer.exe:userini.exe HKLM-Run-userini - c:\windows\explorer.exe:userini.exe HKLM-Explorer_Run-userini - c:\windows\explorer.exe:userini.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-12-28 11:25 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(2208) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\agrsmsvc.exe c:\windows\system32\igfxsrvc.exe c:\windows\RTHDCPL.EXE c:\windows\system32\rundll32.exe c:\windows\AGRSMMSG.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\O2Micro Oz128 Driver\o2flash.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\vmnat.exe c:\windows\system32\vmnetdhcp.exe c:\program files\VMware\VMware Workstation\vmware-authd.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\windows\system32\wscntfy.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************** . Voltooingstijd: 2010-12-28 11:29:03 - machine werd herstart ComboFix-quarantined-files.txt 2010-12-28 10:29 Pre-Run: 9.814.560.768 bytes beschikbaar Post-Run: 10.393.763.840 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - F780401EE539BD6DA14F88C0869A392B

Mijn internet gaat nu sneller maar als ik iets opzoek met google wordt ik soms naar een site gestuurd die mij een virus wil geven en wanneer ik van de site afga dan heb ik geen internetconectie (denk ik van de laatste gebeurtenissen). Wanneer ik een spel speel (dat internet -niet op de webbrowser-gebruikt) dan krijg ik nog de explorer.exe foutmeldingen. Systeemherstel werk niet.

Bedankt voor de reacties. Hier zijn de logs: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 5403 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 27/12/2010 18:26:20 mbam-log-2010-12-27 (18-26-20).txt Scantype: Snelle scan Objecten gescand: 149632 Verstreken tijd: 5 minuut/minuten, 49 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 4 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 4 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AtapiDrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AtapiDrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: c:\documents and settings\Ruben\application data\personal internet security 2011 (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: c:\documents and settings\Ruben\application data\microsoft\internet explorer\quick launch\personal internet security 2011.lnk (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully. c:\documents and settings\Ruben\application data\personal internet security 2011\cookies.sqlite (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully. c:\documents and settings\Ruben\application data\personal internet security 2011\instructions.ini (Rogue.PersonalInternetSecurity) -> Quarantined and deleted successfully. c:\windows\system32\drivers\atapidrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:21:37, on 27/12/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ISP Monitor\isp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\ISP Monitor\ISPMonitorSrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\O2Micro Oz128 Driver\o2flash.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\WINDOWS\system32\vmnat.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ruben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [iSPMonitor] C:\Program Files\ISP Monitor\isp.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Registratiesoftware starten.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209153871546 O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe -- End of file - 13412 bytes

Hallo, ik heb een aantal problemen met mijn PC, ik weet niet hoe ik eraan kom maar er is een virus op mijn PC gekomen. De problemen zijn: -op internet word ik op willekeurige momenten naar een site gebracht die "deze computer" moet voorstellen en waarop er een anti-virus op komt die virussen aantoond en will dat ik het download (weet niet of het echt is of niet...) en google laat me er niet op. -explorer.exe geeft foutmeldingen (elke keer ik het liet beëindigen bleef het maar komen) -het internet werk heel traag. -op willekeurige momenten wordt mijn scherm zwart, komen snel een paar tekens en valt uit of blijft gewoon vast zitten. Ik heb met mijn anti-virus programma's gescand en heb virussen gevonden (het waren host virussen of zoiets ) en heb ze verwijderd (één lukte niet door één of ander bestand maar na het verwijderd was lukte het om te repareren) Maar het lijkt alsof het nog niet is opgelost, ik vindt geen virussen en heb steeds nog een paar problemen; internet is traag, nog altijd het zwart scherm (als ik zware dingen doe) en de foutmeldingen (wanneer ik een spel speel). Ik heb geprobeert met systeemherstel maar er komt op: "De computer kan niet worden beveiligd met Systeemherstel. Start de computer opnieuw op en voer Systeemherstel vervolgens opnieuw uit." Het staat niet uitgeschakeld. Dit staat er op mijn HijackThis logfile: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:14:41, on 27/12/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ISP Monitor\isp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\ISP Monitor\ISPMonitorSrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\O2Micro Oz128 Driver\o2flash.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\WINDOWS\system32\vmnat.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Spyware Doctor\Update.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing) O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing) O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ruben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [iSPMonitor] C:\Program Files\ISP Monitor\isp.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0) O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Registratiesoftware starten.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209153871546 O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe -- End of file - 14206 bytes