czvevi.exe


niorune

Hello Kape,

Here first is the ComboFix log file and then the HijackThis file:

ComboFix 09-03-23.01 - arno 2009-03-24 20:00:33.2 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.1918.1225 [GMT 1:00]

Gestart vanuit: c:\users\arno\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\arno\Desktop\CFScript.txt..txt

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)

AV: Norton Internet Security *On-access scanning enabled* (Outdated)

FW: BitDefender Firewall *disabled*

FW: Norton Internet Security *enabled*

* Nieuw herstelpunt werd aangemaakt

FILE ::

c:\programdata\B9B41EDB68.sys

c:\users\All Users\B9B41EDB68.sys

c:\windows\System32\avfsae.exe

c:\windows\System32\czvevi.exe

c:\windows\System32\dmchol.exe

c:\windows\system32\drivers\PxHelp20.sys

c:\windows\System32\expahz.exe

c:\windows\System32\fpzicy.exe

c:\windows\System32\ftozew.exe

c:\windows\System32\gzpzjq.exe

c:\windows\System32\hlskzy.exe

c:\windows\System32\igqoaz.exe

c:\windows\System32\jcfoqx.exe

c:\windows\System32\jgqbtb.exe

c:\windows\System32\jripyo.exe

c:\windows\System32\niocvi.exe

c:\windows\System32\pqpbsi.exe

c:\windows\System32\pxcpyi64.exe

c:\windows\System32\pxinsi64.exe

c:\windows\System32\vampqp.exe

c:\windows\System32\wr73716.dll

c:\windows\System32\xa15567421.exe

c:\windows\System32\xa15567843.exe

c:\windows\System32\xa17773140.exe

c:\windows\System32\xa17773843.exe

c:\windows\System32\xa18274281.exe

c:\windows\System32\xa18274578.exe

c:\windows\System32\xwr73716.dll

c:\windows\System32\zwgmfg.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\B9B41EDB68.sys

c:\windows\System32\avfsae.exe

c:\windows\System32\czvevi.exe

c:\windows\System32\dmchol.exe

c:\windows\system32\drivers\PxHelp20.sys

c:\windows\System32\expahz.exe

c:\windows\System32\fpzicy.exe

c:\windows\System32\ftozew.exe

c:\windows\System32\gzpzjq.exe

c:\windows\System32\hlskzy.exe

c:\windows\System32\igqoaz.exe

c:\windows\System32\jcfoqx.exe

c:\windows\System32\jgqbtb.exe

c:\windows\System32\jripyo.exe

c:\windows\System32\niocvi.exe

c:\windows\System32\pqpbsi.exe

c:\windows\System32\pxcpyi64.exe

c:\windows\System32\pxinsi64.exe

c:\windows\System32\vampqp.exe

c:\windows\System32\wr73716.dll

c:\windows\System32\xa15567421.exe

c:\windows\System32\xa15567843.exe

c:\windows\System32\xa17773140.exe

c:\windows\System32\xa17773843.exe

c:\windows\System32\xa18274281.exe

c:\windows\System32\xa18274578.exe

c:\windows\System32\xwr73716.dll

c:\windows\System32\zwgmfg.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-02-24 to 2009-03-24 ))))))))))))))))))))))))))))))

.

2009-03-24 19:04 . 2009-03-24 19:04 <DIR> d----c--- C:\fsctmp

2009-03-24 19:04 . 2009-03-24 19:05 <DIR> d----c--- C:\$fsctmp

2009-03-24 13:08 . 2009-03-24 13:08 <DIR> d----c--- c:\program files\GetData

2009-03-24 09:19 . 2009-03-24 09:19 <DIR> d----c--- c:\program files\Trend Micro

2009-03-23 19:44 . 2009-03-23 19:44 <DIR> d----c--- c:\program files\Gabest

2009-03-23 19:41 . 2009-03-23 19:41 <DIR> d----c--- c:\program files\WinAVI Video Converter

2009-03-21 12:03 . 2009-03-21 12:03 118 --a--c--- c:\windows\System32\MRT.INI

2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-21 12:02 . 2008-04-17 12:12 107,368 --a--c--- c:\windows\System32\GEARAspi.dll

2009-03-21 12:02 . 2009-01-15 12:19 23,848 --a--c--- c:\windows\System32\drivers\GEARAspiWDM.sys

2009-03-21 12:01 . 2009-03-21 12:01 <DIR> d----c--- c:\program files\Bonjour

2009-03-21 09:37 . 2009-03-21 09:37 603,904 --a--c--- c:\windows\System32\TUProgSt.exe

2009-03-21 09:33 . 2009-03-21 09:34 <DIR> d----c--- c:\program files\TuneUp Utilities 2009

2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}

2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}

2009-03-15 13:44 . 2009-03-15 13:54 <DIR> d----c--- c:\users\arno\AppData\Roaming\.ABC

2009-03-15 12:24 . 2009-03-15 12:24 <DIR> d----c--- c:\program files\uTorrent

2009-03-13 13:10 . 2009-03-13 13:16 <DIR> d----c--- c:\users\arno\AppData\Roaming\AV Bros Puzzle Pro 2.2 DEMO

2009-03-12 10:14 . 2009-03-12 10:14 <DIR> d----c--- c:\program files\Xvid

2009-03-12 10:11 . 2009-03-12 10:11 <DIR> d----c--- c:\program files\Power_Karaoke

2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Doblon

2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Common Files\Doblon

2009-03-12 10:10 . 2008-04-27 10:33 765,952 --a--c--- c:\windows\System32\xvidcore.dll

2009-03-12 10:10 . 2008-04-27 10:35 180,224 --a--c--- c:\windows\System32\xvidvfw.dll

2009-03-12 10:10 . 2007-06-28 18:55 77,824 --a--c--- c:\windows\System32\xvid.ax

2009-03-11 16:06 . 2009-02-09 02:54 2,030,080 --a--c--- c:\windows\System32\win32k.sys

2009-03-11 16:06 . 2008-11-27 05:42 269,824 --a--c--- c:\windows\System32\schannel.dll

2009-03-08 21:56 . 2009-03-08 21:56 131 --a--c--- c:\windows\System32\Pen_Tablet.dat

2009-03-05 22:37 . 2009-03-12 09:22 <DIR> d----c--- c:\program files\Romcenter

2009-03-03 20:37 . 2009-03-03 20:42 <DIR> d----c--- c:\users\arno\AppData\Roaming\Super-Cow

2009-03-02 10:07 . 2008-12-16 05:00 8,147,968 --a--c--- c:\windows\System32\wmploc.DLL

2009-03-02 10:07 . 2008-12-16 06:53 7,680 --a--c--- c:\windows\System32\spwmp.dll

2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\msdxm.ocx

2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\dxmasf.dll

2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\users\All Users\MonteCristo

2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\programdata\MonteCristo

2009-02-28 16:05 . 2009-02-28 16:06 <DIR> d----c--- c:\program files\GAMESVOORIEDEREEN.NL

2009-02-28 16:04 . 2009-02-28 16:04 <DIR> d----c--- c:\program files\OXXOGames

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-24 18:17 --------- dc----w c:\users\arno\AppData\Roaming\WTablet

2009-03-24 15:59 --------- dc----w c:\users\arno\AppData\Roaming\uTorrent

2009-03-24 14:03 --------- dc----w c:\users\arno\AppData\Roaming\Ahead

2009-03-24 14:02 --------- dc----w c:\programdata\Ahead

2009-03-24 14:01 --------- dc----w c:\program files\Common Files\Ahead

2009-03-24 13:59 --------- dc----w c:\programdata\Nero

2009-03-24 12:18 --------- dc--a-w c:\programdata\TEMP

2009-03-24 09:27 --------- dc----w c:\program files\Malwarebytes' Anti-Malware

2009-03-23 22:00 --------- dc----w c:\users\arno\AppData\Roaming\Corel

2009-03-23 21:50 --------- dc----w c:\program files\SuperBladePro

2009-03-23 21:32 3,766 -csha-w c:\windows\System32\KGyGaAvL.sys

2009-03-23 20:58 --------- dc----w c:\program files\Windows Live Safety Center

2009-03-22 20:25 --------- dc----w c:\program files\Nero

2009-03-21 11:02 --------- dc----w c:\programdata\Apple Computer

2009-03-21 11:02 --------- dc----w c:\program files\iTunes

2009-03-21 11:02 --------- dc----w c:\program files\iPod

2009-03-21 11:02 --------- dc----w c:\program files\Common Files\Apple

2009-03-15 10:59 --------- dc----w c:\users\arno\AppData\Roaming\Azureus

2009-03-12 09:11 --------- dc----w c:\program files\Conduit

2009-03-12 08:23 --------- dc----w c:\program files\Glyph

2009-03-12 08:12 --------- dc----w c:\program files\Windows Mail

2009-03-11 08:06 1,614 -c--a-w c:\users\arno\AppData\Roaming\filterclsid.dat

2009-03-07 21:21 --------- dc----w c:\users\arno\AppData\Roaming\dvdcss

2009-03-03 09:59 --------- dc----w c:\program files\Opera

2009-02-28 22:00 --------- dc----w c:\programdata\WinZip

2009-02-26 09:43 --------- dc----w c:\program files\Microsoft Silverlight

2009-02-23 13:26 --------- dc----w c:\programdata\Hitman Pro 3

2009-02-23 11:20 --------- dc----w c:\program files\Netlog Uploader

2009-02-19 20:32 --------- dc----w c:\users\arno\AppData\Roaming\RegTool

2009-02-19 14:37 --------- dc----w c:\program files\Common Files\Adobe

2009-02-19 12:19 --------- dc----w c:\programdata\Adobe Systems

2009-02-19 09:28 --------- dc----w c:\program files\project dogwaffle

2009-02-19 09:27 --------- dc----w c:\programdata\Corel

2009-02-19 09:27 --------- dc----w c:\program files\Common Files\Corel

2009-02-19 09:23 --------- dc----w c:\program files\Alien Skin

2009-02-18 09:10 --------- dc----w c:\program files\Windows Live

2009-02-18 08:14 --------- dc----w c:\programdata\Ulead Systems

2009-02-18 08:13 --------- dc-h--w c:\program files\InstallShield Installation Information

2009-02-16 17:15 --------- dc----w c:\program files\Common Files\Adobe Systems Shared

2009-02-12 19:08 --------- dc----w c:\program files\MSXML 4.0

2009-02-12 12:19 --------- dc----w c:\users\arno\AppData\Roaming\TuneUp Software

2009-02-12 12:19 --------- dc----w c:\programdata\TuneUp Software

2009-02-12 11:38 --------- dc----w c:\program files\AV Video Karaoke Maker

2009-02-11 10:07 --------- dc----w c:\programdata\Awem

2009-02-11 10:06 --------- dc----w c:\program files\Alawar

2009-02-11 10:04 --------- dc----w c:\program files\Atlantis Quest

2009-02-11 09:58 --------- dc----w c:\program files\Cradle of Persia

2009-02-11 09:53 --------- dc----w c:\program files\The Rise of Atlantis

2009-02-11 09:19 38,496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 09:19 15,504 -c--a-w c:\windows\system32\drivers\mbam.sys

2009-02-10 18:22 --------- dc----w c:\users\arno\AppData\Roaming\AVSMedia

2009-02-10 18:22 --------- dc----w c:\program files\AVSMedia

2009-02-10 14:18 --------- dc----w c:\program files\Common Files\AVSMedia

2009-02-10 14:18 --------- dc----w c:\program files\AVS4YOU

2009-02-10 14:16 --------- dc----w c:\program files\Total Video Converter

2009-02-10 13:46 --------- dc----w c:\users\arno\AppData\Roaming\AVS4YOU

2009-02-10 13:45 --------- dc----w c:\programdata\AVS4YOU

2009-02-09 07:39 --------- dc----w c:\users\arno\AppData\Roaming\vlc

2009-02-08 21:45 --------- dc----w c:\program files\Audacity

2009-02-08 21:41 --------- dc----w c:\program files\MediaMonkey

2009-02-08 21:29 --------- dc----w c:\program files\Super Audio Converter

2009-02-08 19:51 --------- dc----w c:\program files\GameTop.com

2009-02-08 15:23 --------- dc----w c:\program files\VideoLAN

2009-02-08 13:18 --------- dc----w c:\programdata\Azureus

2009-02-08 13:17 --------- dc----w c:\program files\Vuze

2009-02-08 13:12 8,858 -c--a-w c:\program files\LimeWire Plus.torrent

2009-02-07 22:09 --------- dc----w c:\program files\DreamSuite Demo

2009-02-07 18:21 --------- dc----w c:\programdata\Hitman Pro

2009-02-07 18:07 --------- dc----w c:\program files\Hitman Pro 3

2009-02-07 15:40 --------- dc----w c:\program files\HarrysFilters3

2009-02-06 18:55 308,616 -c--a-w c:\windows\WLXPGSS.SCR

2009-02-06 17:52 49,504 -c--a-w c:\windows\System32\sirenacm.dll

2009-02-06 17:08 55,280 -c--a-w c:\windows\system32\drivers\fssfltr.sys

2009-02-06 15:43 --------- dc----w c:\program files\Messenger Plus! Live

2009-02-06 00:20 --------- dc----w c:\programdata\GameXzone

2009-02-06 00:03 --------- dc----w c:\programdata\OrbGames

2009-02-04 22:42 --------- dc----w c:\users\arno\AppData\Roaming\Alien Skin

2009-02-04 22:24 --------- dc----w c:\program files\Vplaces

2009-02-04 22:21 2,828 -csha-w c:\users\All Users\KGyGaAvL.sys

2009-02-04 22:21 2,828 -csha-w c:\programdata\KGyGaAvL.sys

2009-02-04 16:30 410,984 -c--a-w c:\windows\System32\deploytk.dll

2009-02-02 21:14 --------- dc----w c:\program files\Sqirlz Water Reflections

2009-02-02 21:00 --------- dc----w c:\users\arno\AppData\Roaming\Jasc

2009-02-02 21:00 --------- dc----w c:\program files\Jasc Software Inc

2009-02-02 20:20 348,160 -c--a-w c:\windows\System32\msvcr71.dll

2009-02-02 20:20 339,968 -c--a-w c:\windows\System32\pythoncom25.dll

2009-02-02 20:20 2,117,632 -c--a-w c:\windows\System32\python25.dll

2009-02-02 20:20 114,688 -c--a-w c:\windows\System32\pywintypes25.dll

2009-01-31 19:51 --------- dc----w c:\users\arno\AppData\Roaming\Zylom

2009-01-31 19:51 --------- dc----w c:\programdata\Zylom

2009-01-31 11:08 --------- dc----w c:\program files\Microsoft Works

2009-01-30 20:47 --------- dc----w c:\program files\Sony

2009-01-28 18:57 --------- dc----w c:\program files\Sweet Games

2009-01-28 08:01 --------- dc----w c:\program files\QuickTime

2009-01-26 17:57 --------- dc----w c:\program files\Caribbean Treasures

2009-01-26 17:25 --------- dc----w c:\programdata\Trymedia

2009-01-26 16:07 --------- dc----w c:\program files\Java

2009-01-26 16:06 --------- dc----w c:\program files\LimeWire

2009-01-26 14:05 --------- dc----w c:\program files\Secunia

2009-01-25 22:15 --------- dc----w c:\program files\Spyware Doctor

.

((((((((((((((((((((((((((((( SnapShot@2009-03-24_15.55.45,22 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-24 13:48:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-03-24 18:19:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-03-24 18:19:02 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-03-24 13:48:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-03-24 18:18:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2009-03-24 14:07:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-24 18:57:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-03-24 14:07:33 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-03-24 18:57:42 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-03-24 14:07:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-03-24 18:57:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-03-24 13:46:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-03-24 16:01:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-03-24 13:47:39 15,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-877212519-1861139164-1241984390-1000_UserData.bin

+ 2009-03-24 18:19:11 15,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-877212519-1861139164-1241984390-1000_UserData.bin

- 2009-03-24 13:47:39 85,030 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-03-24 18:19:11 85,030 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-03-24 13:47:37 69,406 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-03-24 15:05:41 69,558 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]

2008-02-14 14:54 1555480 --a--c--- c:\program files\Power_Karaoke\tbPowe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3303E956-2A3A-48E0-BE39-2E0EF11A2F44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 39408]

"Windows Defender User Interface"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-03 1006264]

"winlog.exe"="c:\users\arno\AppData\Roaming\Microsoft\winlog.exe" [2009-03-24 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]

"Debugger"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"beid"=c:\program files\Belgium Identity Card\beid35gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe

"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{D966C8B2-589E-4A47-84BA-C02BAE7EAB0B}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

"{EDCF8292-BE33-47FA-B755-AFA3291F8AB4}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

"{E01E71D3-18A1-4F21-9E74-148C899122A4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{727CB185-94EB-4C76-A170-0B01DCAE8505}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{28034861-1FD9-48D3-A4AC-57E14005DFF0}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD

"UDP Query User{B24B3102-2743-48A6-A658-D7D9E1A139F8}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD

"TCP Query User{0054653F-A312-4E37-81CE-E5FB4C269E34}c:\\program files\\limewire plus\\limewire.exe"= UDP:c:\program files\limewire plus\limewire.exe:LimeWire

"UDP Query User{B832AE57-4B6D-46D2-937C-F831F3C3C651}c:\\program files\\limewire plus\\limewire.exe"= TCP:c:\program files\limewire plus\limewire.exe:LimeWire

"TCP Query User{9C15F824-D15B-4CF0-A731-4D8B3C167BFC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{1C4C6A17-AAF5-4FCB-884F-BCB01913EDAE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{3BC75F60-19F0-4CF4-A5D9-F6FA88F20E9E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{64954C95-0B94-4822-9CF3-9845BEEA16D1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{1940252A-DFC2-45FD-86BD-2E7A34A42051}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad

"UDP Query User{4ED7AAD6-C5B4-494C-826E-8F1A24239903}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad

"TCP Query User{A3473CAC-2AFA-46E0-B029-1EAE8F1AC3AA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{1536ED55-3CE4-4358-8513-626D0DBE2B21}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{C3CEEE24-669C-4530-B184-42A2B146A25B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{774A748B-0F75-4017-B835-A33AC2904C55}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

"{5C6825B3-D120-41E2-AE56-A583C3C263E2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)

"{0D00E02D-DF9F-49DC-847B-39A496829EF8}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)

"TCP Query User{C6A23C8E-3A2F-47D4-AA3D-02140FD6ACE9}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser

"UDP Query User{D3A9E949-5217-4B9C-A43D-FC8A5FEB5A1E}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser

"{25BF8F92-44E0-4083-8BDD-D4DBDB56189D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"TCP Query User{BE1FC876-EAA8-4490-82C8-55D49DE9DE0C}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser

"UDP Query User{868F1ACF-422A-4203-9AC3-804B22286A78}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser

"TCP Query User{95C0A958-E927-4BF9-8720-7FA535054009}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD

"UDP Query User{427E334A-B794-4F5F-A41C-6B5C7C50A8C3}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD

"{AB7DCD85-0939-4EC5-9A55-9D810AF57C95}"= UDP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire

"{161CE608-FD07-41F8-91A6-68D5AE37EC02}"= TCP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire

"{7C63BAC9-8C2B-4C89-8247-AC26CDAC9E84}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{2039AACE-785E-443B-B8B0-1034269A73C1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{49469E02-4681-42F9-A21D-E061336E7751}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{9DA77936-8257-49B2-AEFE-308DFAB08CFD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{3A45EC8D-8919-46C5-BDF7-BA176EEDA2F0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{D51CD647-EBBC-4535-8BC2-96947E2445A5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{481E5A74-AA39-4A7A-B338-D4D8AAAAA4A6}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"UDP Query User{E9A0492E-9407-4C11-B058-813A2E91C99C}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"TCP Query User{B8CE0E20-CB97-4455-B1A8-05D03EB5DE45}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{00E912E0-F01A-4332-97D5-4B363295CD75}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\Mobistar\\IEWInternetBE\\Connectivity\\ConnectivityManager.exe"= c:\program files\Mobistar\IEWInternetBE\Connectivity\ConnectivityManager.exe:*:enabled:CSS

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\System32\ASTSRV.EXE [2009-02-03 57344]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [2009-01-14 1373480]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-21 603904]

R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-09-22 43520]

R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [2008-12-10 7808]

R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2007-11-30 780288]

R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [2007-11-30 218624]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2007-11-30 228352]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\System32\drivers\a38usbxp.sys [2004-04-30 24832]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-18 55280]

S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-23 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83823ac7-88a6-11dd-be3b-001060edaa94}]

\shell\AutoRun\command - G:\AutoRunCardDetector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2423f84-b8d0-11dd-8e76-001e33009ed7}]

\shell\AutoRun\command - H:\InstallTomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-03-24 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-03-24 c:\windows\Tasks\User_Feed_Synchronization-{78515E5C-2951-414B-BEDF-4A0C81A1C72E}.job

- c:\windows\system32\msfeedssync.exe [2009-01-15 11:01]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-24 20:02:44

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2009-03-24 20:05:15

ComboFix-quarantined-files.txt 2009-03-24 19:05:13

ComboFix2.txt 2009-03-24 14:58:43

Pre-Run: 14.837.702.656 bytes beschikbaar

Post-Run: 17,057,345,536 bytes beschikbaar

393 --- E O F --- 2009-03-24 11:00:51

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:13:06, on 24/03/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Users\arno\AppData\Roaming\Microsoft\winlog.exe

C:\Windows\system32\WTablet\Pen_TabletUser.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Windows Defender User Interface] C:\Program Files\Windows Defender\MSASCui.exe

O4 - HKCU\..\Run: [winlog.exe] C:\Users\arno\AppData\Roaming\Microsoft\winlog.exe

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O13 - Gopher Prefix:

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--

End of file - 7086 bytes


Scan taken with the online malware scanner: Jotti's

Scan taken on 24 Mar 2009 21:47:40 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found W32/SelfStarterInternetTrojan!Maximus (probable variant)

F-Secure Anti-Virus Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found probably unknown NewHeur_PE (probable variant)

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Quick Heal Found nothing

Sophos Antivirus Found Sus/Delf-J (probable variant)

VirusBuster Found nothing

VBA32 Found Win32 Shadow Socket Open (probable variant)


I was afraid of that, infected after all :s

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

O4 - HKCU\..\Run: [winlog.exe] C:\Users\arno\AppData\Roaming\Microsoft\winlog.exe

Click 'Fix checked' to remove the items.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\Users\arno\AppData\Roaming\Microsoft\winlog.exe

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"winlog.exe"=-

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

And one additional question: do you have an active antivirus program? And if so, which one?

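The entry singled out in the reply above is a Run-key autostart whose executable sits inside the user profile rather than under Program Files or Windows. The following Python code is an added example, not part of the original thread and not code from HijackThis or ComboFix: it parses HijackThis O4 lines, extracts the image path from quoted and unquoted commands, and flags autostarts located in a user profile. The function names and the user-profile heuristic are assumptions made for this example, and the sample is constructed from O4 lines quoted in this thread; a flagged entry is a lead for review, not a verdict.

```python
import ntpath
import re

# Constructed sample: O4 lines as they appear in the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [winlog.exe] C:\Users\arno\AppData\Roaming\Microsoft\winlog.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# HijackThis appends the account name to HKUS entries, e.g. (User 'SYSTEEM').
USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
UNQUOTED_IMAGE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)
# Assumption for this example: anything under a per-user profile is user-writable.
USER_PROFILE = re.compile(
    r"^[a-z]:\\(?:users|documents and settings)\\[^\\]+\\", re.IGNORECASE
)


def image_path(cmd):
    """Return the executable path from an autostart command line."""
    cmd = USER_SUFFIX.sub("", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        match = UNQUOTED_IMAGE.match(cmd)
        path = match.group(1) if match else cmd
    return ntpath.normpath(path)


def parse_o4(log_text):
    """Parse registry autostart (O4) lines into dictionaries."""
    entries = []
    for line in log_text.splitlines():
        match = O4_LINE.match(line.strip())
        if not match:
            continue  # not a registry O4 line (other sections, blank lines)
        path = image_path(match.group("cmd"))
        entries.append({
            "hive": match.group("hive"),
            "key": match.group("key"),
            "name": match.group("name"),
            "path": path,
            "in_user_profile": bool(USER_PROFILE.match(path)),
        })
    return entries


def triage(log_text):
    """Return only the autostarts whose executable lives in a user profile."""
    return [e for e in parse_o4(log_text) if e["in_user_profile"]]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f'{entry["hive"]}\\..\\{entry["key"]}: [{entry["name"]}] {entry["path"]}')
```
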

Here are the logs:

As for the antivirus, there is Norton, but it was already on the laptop when I bought it.

But its files are nowhere to be found? Every time I start ComboFix it reports that Norton is still running, but I can't turn it off :s

ComboFix 09-03-23.01 - arno 2009-03-25 10:22:06.3 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.1918.1258 [GMT 1:00]

Gestart vanuit: c:\users\arno\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\arno\Desktop\CFScript.txt..txt

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)

AV: Norton Internet Security *On-access scanning enabled* (Outdated)

FW: BitDefender Firewall *disabled*

FW: Norton Internet Security *enabled*

* Nieuw herstelpunt werd aangemaakt

FILE ::

c:\users\arno\AppData\Roaming\Microsoft\winlog.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\arno\AppData\Roaming\Microsoft\winlog.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-02-25 to 2009-03-25 ))))))))))))))))))))))))))))))

.

2009-03-24 20:22 . 2009-03-24 20:24 <DIR> d----c--- c:\users\All Users\DVD Shrink

2009-03-24 20:22 . 2009-03-24 20:24 <DIR> d----c--- c:\programdata\DVD Shrink

2009-03-24 20:22 . 2009-03-24 20:22 <DIR> d----c--- c:\program files\DVD Shrink

2009-03-24 20:09 . 2009-03-24 20:09 <DIR> d----c--- C:\WTablet

2009-03-24 19:04 . 2009-03-24 19:04 <DIR> d----c--- C:\fsctmp

2009-03-24 19:04 . 2009-03-24 19:05 <DIR> d----c--- C:\$fsctmp

2009-03-24 13:08 . 2009-03-24 13:08 <DIR> d----c--- c:\program files\GetData

2009-03-24 09:19 . 2009-03-24 09:19 <DIR> d----c--- c:\program files\Trend Micro

2009-03-23 19:44 . 2009-03-23 19:44 <DIR> d----c--- c:\program files\Gabest

2009-03-23 19:41 . 2009-03-23 19:41 <DIR> d----c--- c:\program files\WinAVI Video Converter

2009-03-21 12:03 . 2009-03-21 12:03 118 --a--c--- c:\windows\System32\MRT.INI

2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-21 12:02 . 2009-03-21 12:02 <DIR> d----c--- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-21 12:02 . 2008-04-17 12:12 107,368 --a--c--- c:\windows\System32\GEARAspi.dll

2009-03-21 12:02 . 2009-01-15 12:19 23,848 --a--c--- c:\windows\System32\drivers\GEARAspiWDM.sys

2009-03-21 12:01 . 2009-03-21 12:01 <DIR> d----c--- c:\program files\Bonjour

2009-03-21 09:37 . 2009-03-21 09:37 603,904 --a--c--- c:\windows\System32\TUProgSt.exe

2009-03-21 09:33 . 2009-03-21 09:34 <DIR> d----c--- c:\program files\TuneUp Utilities 2009

2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}

2009-03-21 09:32 . 2009-03-21 09:32 <DIR> d--hsc--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}

2009-03-15 13:44 . 2009-03-15 13:54 <DIR> d----c--- c:\users\arno\AppData\Roaming\.ABC

2009-03-15 12:24 . 2009-03-15 12:24 <DIR> d----c--- c:\program files\uTorrent

2009-03-13 13:10 . 2009-03-24 21:13 <DIR> d----c--- c:\users\arno\AppData\Roaming\AV Bros Puzzle Pro 2.2 DEMO

2009-03-12 10:14 . 2009-03-12 10:14 <DIR> d----c--- c:\program files\Xvid

2009-03-12 10:11 . 2009-03-12 10:11 <DIR> d----c--- c:\program files\Power_Karaoke

2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Doblon

2009-03-12 10:10 . 2009-03-12 10:10 <DIR> d----c--- c:\program files\Common Files\Doblon

2009-03-12 10:10 . 2008-04-27 10:33 765,952 --a--c--- c:\windows\System32\xvidcore.dll

2009-03-12 10:10 . 2008-04-27 10:35 180,224 --a--c--- c:\windows\System32\xvidvfw.dll

2009-03-12 10:10 . 2007-06-28 18:55 77,824 --a--c--- c:\windows\System32\xvid.ax

2009-03-11 16:06 . 2009-02-09 02:54 2,030,080 --a--c--- c:\windows\System32\win32k.sys

2009-03-11 16:06 . 2008-11-27 05:42 269,824 --a--c--- c:\windows\System32\schannel.dll

2009-03-08 21:56 . 2009-03-08 21:56 131 --a--c--- c:\windows\System32\Pen_Tablet.dat

2009-03-05 22:37 . 2009-03-12 09:22 <DIR> d----c--- c:\program files\Romcenter

2009-03-03 20:37 . 2009-03-03 20:42 <DIR> d----c--- c:\users\arno\AppData\Roaming\Super-Cow

2009-03-02 10:07 . 2008-12-16 05:00 8,147,968 --a--c--- c:\windows\System32\wmploc.DLL

2009-03-02 10:07 . 2008-12-16 06:53 7,680 --a--c--- c:\windows\System32\spwmp.dll

2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\msdxm.ocx

2009-03-02 10:07 . 2008-12-16 06:53 4,096 --a--c--- c:\windows\System32\dxmasf.dll

2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\users\All Users\MonteCristo

2009-02-28 17:37 . 2009-02-28 17:49 <DIR> d----c--- c:\programdata\MonteCristo

2009-02-28 16:05 . 2009-03-24 21:16 <DIR> d----c--- c:\program files\GAMESVOORIEDEREEN.NL

2009-02-28 16:04 . 2009-02-28 16:04 <DIR> d----c--- c:\program files\OXXOGames

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-25 08:55 --------- dc----w c:\users\arno\AppData\Roaming\WTablet

2009-03-24 21:37 135,168 -c--a-w c:\windows\Cursors\supdate.exe

2009-03-24 21:19 241,665 -c-ha-w c:\windows\Cursors\lsass.exe

2009-03-24 19:36 --------- dc----w c:\users\arno\AppData\Roaming\Ahead

2009-03-24 15:59 --------- dc----w c:\users\arno\AppData\Roaming\uTorrent

2009-03-24 14:02 --------- dc----w c:\programdata\Ahead

2009-03-24 14:01 --------- dc----w c:\program files\Common Files\Ahead

2009-03-24 13:59 --------- dc----w c:\programdata\Nero

2009-03-24 12:18 --------- dc--a-w c:\programdata\TEMP

2009-03-24 09:27 --------- dc----w c:\program files\Malwarebytes' Anti-Malware

2009-03-23 22:00 --------- dc----w c:\users\arno\AppData\Roaming\Corel

2009-03-23 21:50 --------- dc----w c:\program files\SuperBladePro

2009-03-23 21:32 3,766 -csha-w c:\windows\System32\KGyGaAvL.sys

2009-03-23 20:58 --------- dc----w c:\program files\Windows Live Safety Center

2009-03-22 20:25 --------- dc----w c:\program files\Nero

2009-03-21 11:02 --------- dc----w c:\programdata\Apple Computer

2009-03-21 11:02 --------- dc----w c:\program files\iTunes

2009-03-21 11:02 --------- dc----w c:\program files\iPod

2009-03-21 11:02 --------- dc----w c:\program files\Common Files\Apple

2009-03-15 10:59 --------- dc----w c:\users\arno\AppData\Roaming\Azureus

2009-03-12 09:11 --------- dc----w c:\program files\Conduit

2009-03-12 08:23 --------- dc----w c:\program files\Glyph

2009-03-12 08:12 --------- dc----w c:\program files\Windows Mail

2009-03-11 08:06 1,614 -c--a-w c:\users\arno\AppData\Roaming\filterclsid.dat

2009-03-07 21:21 --------- dc----w c:\users\arno\AppData\Roaming\dvdcss

2009-03-03 09:59 --------- dc----w c:\program files\Opera

2009-02-28 22:00 --------- dc----w c:\programdata\WinZip

2009-02-26 09:43 --------- dc----w c:\program files\Microsoft Silverlight

2009-02-23 13:26 --------- dc----w c:\programdata\Hitman Pro 3

2009-02-23 11:20 --------- dc----w c:\program files\Netlog Uploader

2009-02-19 20:32 --------- dc----w c:\users\arno\AppData\Roaming\RegTool

2009-02-19 14:37 --------- dc----w c:\program files\Common Files\Adobe

2009-02-19 12:19 --------- dc----w c:\programdata\Adobe Systems

2009-02-19 09:28 --------- dc----w c:\program files\project dogwaffle

2009-02-19 09:27 --------- dc----w c:\programdata\Corel

2009-02-19 09:27 --------- dc----w c:\program files\Common Files\Corel

2009-02-19 09:23 --------- dc----w c:\program files\Alien Skin

2009-02-18 09:10 --------- dc----w c:\program files\Windows Live

2009-02-18 08:14 --------- dc----w c:\programdata\Ulead Systems

2009-02-18 08:13 --------- dc-h--w c:\program files\InstallShield Installation Information

2009-02-16 17:15 --------- dc----w c:\program files\Common Files\Adobe Systems Shared

2009-02-12 19:08 --------- dc----w c:\program files\MSXML 4.0

2009-02-12 12:19 --------- dc----w c:\users\arno\AppData\Roaming\TuneUp Software

2009-02-12 12:19 --------- dc----w c:\programdata\TuneUp Software

2009-02-12 11:38 --------- dc----w c:\program files\AV Video Karaoke Maker

2009-02-11 10:07 --------- dc----w c:\programdata\Awem

2009-02-11 10:06 --------- dc----w c:\program files\Alawar

2009-02-11 10:04 --------- dc----w c:\program files\Atlantis Quest

2009-02-11 09:58 --------- dc----w c:\program files\Cradle of Persia

2009-02-11 09:53 --------- dc----w c:\program files\The Rise of Atlantis

2009-02-11 09:19 38,496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 09:19 15,504 -c--a-w c:\windows\system32\drivers\mbam.sys

2009-02-10 18:22 --------- dc----w c:\users\arno\AppData\Roaming\AVSMedia

2009-02-10 18:22 --------- dc----w c:\program files\AVSMedia

2009-02-10 14:18 --------- dc----w c:\program files\Common Files\AVSMedia

2009-02-10 14:18 --------- dc----w c:\program files\AVS4YOU

2009-02-10 14:16 --------- dc----w c:\program files\Total Video Converter

2009-02-10 13:46 --------- dc----w c:\users\arno\AppData\Roaming\AVS4YOU

2009-02-10 13:45 --------- dc----w c:\programdata\AVS4YOU

2009-02-09 07:39 --------- dc----w c:\users\arno\AppData\Roaming\vlc

2009-02-08 21:45 --------- dc----w c:\program files\Audacity

2009-02-08 21:41 --------- dc----w c:\program files\MediaMonkey

2009-02-08 21:29 --------- dc----w c:\program files\Super Audio Converter

2009-02-08 19:51 --------- dc----w c:\program files\GameTop.com

2009-02-08 15:23 --------- dc----w c:\program files\VideoLAN

2009-02-08 13:18 --------- dc----w c:\programdata\Azureus

2009-02-08 13:17 --------- dc----w c:\program files\Vuze

2009-02-08 13:12 8,858 -c--a-w c:\program files\LimeWire Plus.torrent

2009-02-07 22:09 --------- dc----w c:\program files\DreamSuite Demo

2009-02-07 18:21 --------- dc----w c:\programdata\Hitman Pro

2009-02-07 18:07 --------- dc----w c:\program files\Hitman Pro 3

2009-02-07 15:40 --------- dc----w c:\program files\HarrysFilters3

2009-02-06 18:55 308,616 -c--a-w c:\windows\WLXPGSS.SCR

2009-02-06 17:52 49,504 -c--a-w c:\windows\System32\sirenacm.dll

2009-02-06 17:08 55,280 -c--a-w c:\windows\system32\drivers\fssfltr.sys

2009-02-06 15:43 --------- dc----w c:\program files\Messenger Plus! Live

2009-02-06 00:20 --------- dc----w c:\programdata\GameXzone

2009-02-06 00:03 --------- dc----w c:\programdata\OrbGames

2009-02-04 22:42 --------- dc----w c:\users\arno\AppData\Roaming\Alien Skin

2009-02-04 22:24 --------- dc----w c:\program files\Vplaces

2009-02-04 22:21 2,828 -csha-w c:\users\All Users\KGyGaAvL.sys

2009-02-04 22:21 2,828 -csha-w c:\programdata\KGyGaAvL.sys

2009-02-04 16:30 410,984 -c--a-w c:\windows\System32\deploytk.dll

2009-02-02 21:14 --------- dc----w c:\program files\Sqirlz Water Reflections

2009-02-02 21:00 --------- dc----w c:\users\arno\AppData\Roaming\Jasc

2009-02-02 21:00 --------- dc----w c:\program files\Jasc Software Inc

2009-02-02 20:20 348,160 -c--a-w c:\windows\System32\msvcr71.dll

2009-02-02 20:20 339,968 -c--a-w c:\windows\System32\pythoncom25.dll

2009-02-02 20:20 2,117,632 -c--a-w c:\windows\System32\python25.dll

2009-02-02 20:20 114,688 -c--a-w c:\windows\System32\pywintypes25.dll

2009-01-31 19:51 --------- dc----w c:\users\arno\AppData\Roaming\Zylom

2009-01-31 19:51 --------- dc----w c:\programdata\Zylom

2009-01-31 11:08 --------- dc----w c:\program files\Microsoft Works

2009-01-30 20:47 --------- dc----w c:\program files\Sony

2009-01-28 18:57 --------- dc----w c:\program files\Sweet Games

2009-01-28 08:01 --------- dc----w c:\program files\QuickTime

2009-01-26 17:57 --------- dc----w c:\program files\Caribbean Treasures

2009-01-26 17:25 --------- dc----w c:\programdata\Trymedia

2009-01-26 16:07 --------- dc----w c:\program files\Java

2009-01-26 16:06 --------- dc----w c:\program files\LimeWire

.

((((((((((((((((((((((((((((( SnapShot@2009-03-24_15.55.45,22 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-24 13:48:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-03-25 08:57:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-03-25 08:57:57 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-03-24 13:48:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-03-25 08:57:52 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-03-25 08:57:52 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-03-24 14:07:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-25 09:17:18 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-03-24 14:07:33 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-03-25 09:17:18 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-03-24 14:07:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-03-25 09:17:18 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-03-24 13:46:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-03-25 08:55:33 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-03-24 13:47:39 15,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-877212519-1861139164-1241984390-1000_UserData.bin

+ 2009-03-25 08:57:13 15,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-877212519-1861139164-1241984390-1000_UserData.bin

- 2009-03-24 13:47:39 85,030 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-03-25 08:57:12 85,030 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-03-24 13:47:37 69,406 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-03-25 08:57:11 70,246 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]

2008-02-14 14:54 1555480 --a--c--- c:\program files\Power_Karaoke\tbPowe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3303e956-2a3a-48e0-be39-2e0ef11a2f44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3303E956-2A3A-48E0-BE39-2E0EF11A2F44}"= "c:\program files\Power_Karaoke\tbPowe.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 39408]

"Windows Defender User Interface"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-03 1006264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]

"Debugger"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"beid"=c:\program files\Belgium Identity Card\beid35gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe

"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{D966C8B2-589E-4A47-84BA-C02BAE7EAB0B}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

"{EDCF8292-BE33-47FA-B755-AFA3291F8AB4}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

"{E01E71D3-18A1-4F21-9E74-148C899122A4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{727CB185-94EB-4C76-A170-0B01DCAE8505}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{28034861-1FD9-48D3-A4AC-57E14005DFF0}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD

"UDP Query User{B24B3102-2743-48A6-A658-D7D9E1A139F8}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD

"TCP Query User{0054653F-A312-4E37-81CE-E5FB4C269E34}c:\\program files\\limewire plus\\limewire.exe"= UDP:c:\program files\limewire plus\limewire.exe:LimeWire

"UDP Query User{B832AE57-4B6D-46D2-937C-F831F3C3C651}c:\\program files\\limewire plus\\limewire.exe"= TCP:c:\program files\limewire plus\limewire.exe:LimeWire

"TCP Query User{9C15F824-D15B-4CF0-A731-4D8B3C167BFC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{1C4C6A17-AAF5-4FCB-884F-BCB01913EDAE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{3BC75F60-19F0-4CF4-A5D9-F6FA88F20E9E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{64954C95-0B94-4822-9CF3-9845BEEA16D1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{1940252A-DFC2-45FD-86BD-2E7A34A42051}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad

"UDP Query User{4ED7AAD6-C5B4-494C-826E-8F1A24239903}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad

"TCP Query User{A3473CAC-2AFA-46E0-B029-1EAE8F1AC3AA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{1536ED55-3CE4-4358-8513-626D0DBE2B21}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{C3CEEE24-669C-4530-B184-42A2B146A25B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{774A748B-0F75-4017-B835-A33AC2904C55}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

"{5C6825B3-D120-41E2-AE56-A583C3C263E2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)

"{0D00E02D-DF9F-49DC-847B-39A496829EF8}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)

"TCP Query User{C6A23C8E-3A2F-47D4-AA3D-02140FD6ACE9}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser

"UDP Query User{D3A9E949-5217-4B9C-A43D-FC8A5FEB5A1E}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser

"{25BF8F92-44E0-4083-8BDD-D4DBDB56189D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"TCP Query User{BE1FC876-EAA8-4490-82C8-55D49DE9DE0C}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser

"UDP Query User{868F1ACF-422A-4203-9AC3-804B22286A78}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser

"TCP Query User{95C0A958-E927-4BF9-8720-7FA535054009}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD

"UDP Query User{427E334A-B794-4F5F-A41C-6B5C7C50A8C3}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD

"{AB7DCD85-0939-4EC5-9A55-9D810AF57C95}"= UDP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire

"{161CE608-FD07-41F8-91A6-68D5AE37EC02}"= TCP:c:\program files\LimeWire Plus\LimeWire.exe:LimeWire

"{7C63BAC9-8C2B-4C89-8247-AC26CDAC9E84}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{2039AACE-785E-443B-B8B0-1034269A73C1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{49469E02-4681-42F9-A21D-E061336E7751}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{9DA77936-8257-49B2-AEFE-308DFAB08CFD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{3A45EC8D-8919-46C5-BDF7-BA176EEDA2F0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{D51CD647-EBBC-4535-8BC2-96947E2445A5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{481E5A74-AA39-4A7A-B338-D4D8AAAAA4A6}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"UDP Query User{E9A0492E-9407-4C11-B058-813A2E91C99C}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"TCP Query User{B8CE0E20-CB97-4455-B1A8-05D03EB5DE45}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{00E912E0-F01A-4332-97D5-4B363295CD75}c:\\users\\arno\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\arno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\Mobistar\\IEWInternetBE\\Connectivity\\ConnectivityManager.exe"= c:\program files\Mobistar\IEWInternetBE\Connectivity\ConnectivityManager.exe:*:enabled:CSS

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\System32\ASTSRV.EXE [2009-02-03 57344]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [2009-01-14 1373480]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-21 603904]

R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-09-22 43520]

R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [2008-12-10 7808]

R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2007-11-30 780288]

R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [2007-11-30 218624]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2007-11-30 228352]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\System32\drivers\a38usbxp.sys [2004-04-30 24832]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-18 55280]

S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-23 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83823ac7-88a6-11dd-be3b-001060edaa94}]

\shell\AutoRun\command - G:\AutoRunCardDetector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2423f84-b8d0-11dd-8e76-001e33009ed7}]

\shell\AutoRun\command - H:\InstallTomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4C494556-4C49-4C49-4C49-4C494556454B}]

"c:\windows\Cursors\lsass.exe" /s

.

Inhoud van de 'Gedeelde Taken' map

2009-03-25 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-03-25 c:\windows\Tasks\User_Feed_Synchronization-{78515E5C-2951-414B-BEDF-4A0C81A1C72E}.job

- c:\windows\system32\msfeedssync.exe [2009-01-15 11:01]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-25 10:24:30

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'lsass.exe'(1212)

c:\program files\Bonjour\mdnsNSP.dll

.

Voltooingstijd: 2009-03-25 10:26:58

ComboFix-quarantined-files.txt 2009-03-25 09:26:56

ComboFix2.txt 2009-03-24 19:05:16

ComboFix3.txt 2009-03-24 14:58:43

Pre-Run: 16.599.662.592 bytes beschikbaar

Post-Run: 16,374,767,616 bytes beschikbaar

349 --- E O F --- 2009-03-24 11:00:51

______________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:33:42, on 25/03/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\WTablet\Pen_TabletUser.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Windows Defender User Interface] C:\Program Files\Windows Defender\MSASCui.exe

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O13 - Gopher Prefix:

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--

End of file - 6951 bytes


Based on your Combofix log, there would appear to be two antivirus scanners on this PC: Norton and Bitdefender. But ... no active components can be found in your log, which would mean that neither of these two scanners is still working. Your account that you cannot find any files would only confirm this.

Traces of both are then probably still in your registry. You could look into this by going to the registry via Start -> Run -> type regedit and searching there for items from Symantec/Norton and Bitdefender. That will make a lot clear.

And ... perhaps do install an active antivirus scanner after all (even a FREE scanner is already decent) ... because it is probably no coincidence that, without protection, your PC is/was so heavily infected.

At the moment your logs look good. So you can now clean up the remnants of the infection:

Remove Combofix: Start -> Run and type: combofix /u

This will remove Combofix plus the related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left-hand column click "Cleaner". Click "Analyze" and then "Run Cleaner". Next, in the left-hand column click "Registry" and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner again.

It is advisable to delete the existing restore points (they include infected restore points that you might end up restoring) by temporarily turning off System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

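The check made in the reply above (security products are registered, but nothing of theirs shows up as running), as an added example that is not part of the original thread: it scans the process, O4 and O23 lines of a HijackThis log for vendor keywords. The log excerpt is taken from the post above except for the two `ExampleAV` lines, which are constructed with a hypothetical vendor; the keyword lists are assumptions.

```python
import re

# Excerpt of the HijackThis log posted above. The two ExampleAV lines are
# constructed (hypothetical vendor) to show what a live component looks like.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\ExampleAV\exavui.exe
O4 - HKCU\..\Run: [Windows Defender User Interface] C:\Program Files\Windows Defender\MSASCui.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ExampleAV Scanner (exavsvc) - ExampleAV Ltd. - C:\Program Files\ExampleAV\exavsvc.exe
"""

# Keyword lists are assumptions: strings a vendor's paths or service names carry.
VENDORS = {
    "Norton": ("norton", "symantec"),
    "Bitdefender": ("bitdefender",),
    "ExampleAV": ("exampleav",),
}

# HijackThis line types that show something running or set to autostart.
LINE_KINDS = (
    ("service", re.compile(r"^O23 - Service: (.+)$")),
    ("autorun", re.compile(r"^O4 - \S+: (.+)$")),
    ("process", re.compile(r"^([A-Za-z]:\\.+\.exe)$", re.IGNORECASE)),
)

def active_components(log_text, vendors=VENDORS):
    """Map each vendor to the (kind, entry) log lines that mention it."""
    found = {name: [] for name in vendors}
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, pattern in LINE_KINDS:
            match = pattern.match(line)
            if match is None:
                continue
            entry = match.group(1)
            for name, keywords in vendors.items():
                if any(word in entry.lower() for word in keywords):
                    found[name].append((kind, entry))
            break  # a line belongs to at most one kind
    return found

def inactive_vendors(log_text, vendors=VENDORS):
    """Vendors with no process, autorun or service entry in the log."""
    hits = active_components(log_text, vendors)
    return sorted(name for name, entries in hits.items() if not entries)

if __name__ == "__main__":
    for vendor, hits in active_components(SAMPLE_LOG).items():
        print(vendor, "->", hits or "no active component in this log")
```

An empty result only says that nothing of that vendor is running or autostarting; leftover registry keys and files, which the reply suggests searching for with regedit, do not appear in a HijackThis log.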
