View full version : little virus problem?



gooz
20 February 2009, 20:00
I've had a virus on the PC for two weeks now that I just can't find, let alone remove :wall:
According to Avira it is TR/BHO.Gen.
It shows up in the folder c:\users\patrick\appdata\local\temp\tt_123495224.exe, where the last digits always change.
Anyone have any advice??????

Running Vista Home 32-bit
Avira Personal Edition Classic

Thanks in advance for any replies

regards
patrick

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:17, on 20-2-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\patrick\AppData\Local\Temp\Temp1_HiJackThis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1440x900.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [sysnltray2] c:\windows\nl07.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Race/Images/stg_drm.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 8853 bytes

Black_Bird
20 February 2009, 20:30
Hi,

1. Right-click HijackThis and choose Run as Administrator (in Dutch: Uitvoeren als Administrator).
Choose Do a system scan only.

Tick the following lines, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [sysnltray2] c:\windows\nl07.exe
Now close all other windows first!
Then click Fix Checked at the bottom.
Then close HijackThis.

2. Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
Some scanners treat certain components that ComboFix uses as suspicious and will block or delete them!

Double-click ComboFix.exe to start it.
If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to update.
Click OK in the "NirCmd" window.
Afterwards, click Yes to start the malware scan.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix has completed and after the restart, the log ComboFix.txt will open.

Post this log in your next reply, together with a new HijackThis log.
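
As an added example (not code from this thread, from HijackThis or from ComboFix), a small Python script that applies the same triage the helper did by hand to HijackThis v2 log lines: empty R0/R1 search values, an O2 BHO that resolves to "(no file)", and an O4 Run entry whose target is an executable dropped directly in C:\Windows. The sample lines are copied from the log above; the heuristics, and the separate "review" flag for an IE proxy that points back at localhost, are my own and not part of the helper's instructions.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: HijackThis v2 lines copied from the log posted
# in this thread (a handful of lines, not a complete log).
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [sysnltray2] c:\windows\nl07.exe",
    r"O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START",
]


@dataclass(frozen=True)
class Finding:
    action: str   # "fix": tick it in HijackThis; "review": inspect by hand first
    reason: str
    line: str


# "R1 - <body>", "O4 - <body>", ... : section code, then the rest of the line
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# "<key> = <value>" where the value may be absent (line ends right after "=")
KV_RE = re.compile(r"^(?P<key>.*?) =(?: (?P<value>.*))?$")
# 'HKLM\..\Run: [name] <command line>'
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")
# first launched file in the command line, with surrounding quotes removed
TARGET_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|com|cmd|bat|scr|pif))', re.IGNORECASE)


def run_target(cmd: str) -> str:
    """Strip quotes and arguments from an O4 command line, keeping the launched file."""
    m = TARGET_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in C:\\Windows (not in a subfolder such as system32)."""
    return ntpath.dirname(path).lower() == r"c:\windows"


def triage_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if m is None:
        return None                      # process list, headers, blank lines
    section, body = m.group("section"), m.group("body")
    if section in ("R0", "R1"):
        kv = KV_RE.match(body)
        if kv is None:
            return None
        value = (kv.group("value") or "").strip()
        if not value:
            return Finding("fix", "empty IE search/toolbar value", line)
        # my own extra heuristic: a proxy on the local machine deserves a look
        if "ProxyServer" in kv.group("key") and re.search(r"localhost|127\.0\.0\.1", value):
            return Finding("review", "IE proxy points back at this machine", line)
        return None
    if section == "O2" and body.startswith("BHO:") and body.endswith("(no file)"):
        return Finding("fix", "BHO is registered but its DLL is gone", line)
    if section == "O4":
        rm = RUN_RE.match(body)
        if rm and in_windows_root(run_target(rm.group("cmd"))):
            return Finding("fix", "Run entry launches a file dropped directly in C:\\Windows", line)
    return None


def triage(lines: List[str]) -> List[Finding]:
    return [f for f in map(triage_line, lines) if f is not None]


def tick_list(lines: List[str]) -> List[str]:
    """The lines to tick before 'Fix checked', in log order."""
    return [f.line for f in triage(lines) if f.action == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action}] {f.reason}\n    {f.line}")
```

Run against the sample it reports exactly the five lines the helper asked to tick and flags the localhost proxy line for review without putting it on the tick list.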

gooz
20 February 2009, 21:12
ComboFix 09-02-19.01 - patrick 2009-02-20 19:49:30.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3071.2032 [GMT 1:00]
Gestart vanuit: c:\users\patrick\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\RichVideoCodec
c:\users\patrick\AppData\Roaming\.#
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-20 to 2009-02-20 ))))))))))))))))))))))))))))))
.
2009-02-20 19:33 . 2009-02-20 19:33 <DIR> d-------- c:\windows\BDOSCAN8
2009-02-20 19:15 . 2009-02-20 19:31 <DIR> d-------- c:\users\patrick\.housecall6.6
2009-02-20 16:57 . 2009-02-20 16:57 <DIR> d-------- c:\program files\Trend Micro
2009-02-18 22:30 . 2009-02-18 22:30 <DIR> d-------- c:\users\patrick\AppData\Roaming\InstallShield
2009-02-16 23:38 . 2009-02-16 23:38 <DIR> d-------- c:\users\patrick\AppData\Roaming\GTOPALA
2009-02-16 22:18 . 2009-02-20 15:56 65,536 --------- c:\windows\System32\Ikeext.etl
2009-02-15 19:58 . 2009-02-15 20:13 399 ---h----- c:\windows\nl49f4d98.dat
2009-02-15 19:57 . 2009-02-15 19:57 22,528 ---h----- c:\windows\nl07.exe
2009-02-15 19:57 . 2009-02-15 19:57 1 ---h----- c:\windows\nlmark2.dat
2009-02-15 19:56 . 2009-02-15 19:56 1 ---h----- c:\windows\f5667t5.dat
2009-02-15 11:53 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 11:53 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 11:53 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 11:53 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 11:53 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-12 19:17 . 2009-02-12 19:17 <DIR> d-------- c:\windows\Mystery P I The New York Fortune
2009-02-12 19:17 . 2009-02-12 19:17 <DIR> d-------- c:\program files\Mystery P I The New York Fortune
2009-02-12 19:10 . 2009-02-12 19:10 <DIR> d-------- c:\windows\Adventure Chronicles The Search for Lost Treasure
2009-02-12 19:00 . 2009-02-12 19:00 <DIR> d-------- c:\windows\The Mystery of the Crystal Portal
2009-02-12 19:00 . 2009-02-12 19:00 <DIR> d-------- c:\program files\The Mystery of the Crystal Portal
2009-02-12 18:29 . 2009-02-12 18:29 <DIR> d-------- c:\users\patrick\AppData\Roaming\Mushroom Age
2009-02-12 18:26 . 2009-02-12 18:26 <DIR> d-------- c:\windows\Mushroom Age
2009-02-12 18:26 . 2009-02-12 18:27 <DIR> d-------- c:\program files\Mushroom Age
2009-02-12 18:25 . 2009-02-12 18:25 <DIR> d-------- c:\windows\Alabama Smithin Escape from Pompeii
2009-02-12 18:25 . 2009-02-12 18:25 <DIR> d-------- c:\program files\Alabama Smithin Escape from Pompeii
2009-02-12 00:44 . 2009-02-12 00:44 <DIR> d-------- c:\users\patrick\AppData\Roaming\Gogii Games
2009-02-12 00:44 . 2009-02-12 00:44 <DIR> d-------- c:\users\All Users\Gogii Games
2009-02-12 00:44 . 2009-02-12 00:44 <DIR> d-------- c:\programdata\Gogii Games
2009-02-11 16:08 . 2009-02-11 16:08 <DIR> d-------- c:\windows\Righteous Kill
2009-02-11 16:08 . 2009-02-11 16:08 <DIR> d-------- c:\program files\Righteous Kill
2009-02-11 14:57 . 2009-02-11 14:57 <DIR> d-------- c:\windows\Magic Encyclopedia First Story
2009-02-11 14:57 . 2009-02-11 14:59 <DIR> d-------- c:\program files\Magic Encyclopedia First Story
2009-02-11 13:44 . 2009-02-17 21:28 <DIR> d-------- c:\program files\Games
2009-02-11 13:31 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 13:31 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 21:57 . 2009-02-10 21:57 <DIR> d-------- c:\users\patrick\AppData\Roaming\panoramik
2009-02-10 21:56 . 2009-02-10 21:56 <DIR> d-------- c:\program files\MumboJumbo
2009-02-10 18:42 . 2009-02-17 21:29 <DIR> d-------- c:\users\patrick\AppData\Roaming\uTorrent
2009-02-10 18:42 . 2009-02-10 18:42 <DIR> d-------- c:\program files\uTorrent
2009-02-08 20:31 . 2009-02-08 20:31 <DIR> d-------- c:\users\All Users\Dekovir
2009-02-08 20:31 . 2009-02-08 20:31 <DIR> d-------- c:\programdata\Dekovir
2009-02-08 18:12 . 2009-02-08 18:12 <DIR> d-------- c:\users\All Users\GameHouse
2009-02-08 18:12 . 2009-02-08 18:12 <DIR> d-------- c:\programdata\GameHouse
2009-02-08 15:57 . 2009-02-08 15:57 <DIR> d-------- c:\users\All Users\TheRace_dev
2009-02-08 15:57 . 2009-02-08 15:57 <DIR> d-------- c:\programdata\TheRace_dev
2009-02-08 14:47 . 2009-02-08 14:47 <DIR> d-------- c:\users\patrick\AppData\Roaming\Dragon Altar Games
2009-02-08 14:22 . 2009-02-08 14:22 <DIR> d-------- c:\program files\Vuze
2009-02-07 14:33 . 2009-02-07 23:58 <DIR> d-------- c:\users\All Users\MumboJumbo
2009-02-07 14:33 . 2009-02-07 23:58 <DIR> d-------- c:\programdata\MumboJumbo
2009-02-06 22:11 . 2009-02-06 22:15 <DIR> d-------- c:\users\All Users\Nick Chase A Detective Story
2009-02-06 22:11 . 2009-02-06 22:15 <DIR> d-------- c:\programdata\Nick Chase A Detective Story
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-06 00:55 . 2009-02-11 00:43 <DIR> d-------- c:\users\patrick\AppData\Roaming\Azureus
2009-02-06 00:55 . 2009-02-06 00:55 <DIR> d-------- c:\users\All Users\Azureus
2009-02-06 00:55 . 2009-02-06 00:55 <DIR> d-------- c:\programdata\Azureus
2009-02-04 21:07 . 2009-02-13 14:02 <DIR> d-------- c:\users\All Users\AdventureChronicles1
2009-02-04 21:07 . 2009-02-13 14:02 <DIR> d-------- c:\programdata\AdventureChronicles1
2009-02-03 21:43 . 2009-02-03 21:43 <DIR> d-------- c:\users\patrick\AppData\Roaming\SpinTop Games
2009-02-01 00:07 . 2009-02-01 00:07 <DIR> d-------- c:\users\patrick\AppData\Roaming\Talkback
2009-01-31 23:05 . 2009-02-01 00:08 <DIR> d-------- c:\users\Public\RealArcade
2009-01-31 23:05 . 2009-01-31 23:05 <DIR> d-------- c:\users\All Users\Mozilla
2009-01-31 23:05 . 2009-02-01 00:08 <DIR> d-------- c:\program files\RealArcade
2009-01-31 23:05 . 2009-02-01 00:08 <DIR> d-------- C:\My Games
2009-01-31 23:05 . 2009-01-31 23:05 0 --a------ c:\windows\nsreg.dat
2009-01-31 22:21 . 2009-01-31 22:21 <DIR> d-------- c:\users\All Users\WildWestQuest2
2009-01-31 22:21 . 2009-01-31 22:21 <DIR> d-------- c:\programdata\WildWestQuest2
2009-01-29 22:57 . 2009-01-29 23:02 <DIR> d-------- c:\users\patrick\AppData\Roaming\Mysteryville2
2009-01-29 22:22 . 2009-01-29 22:22 <DIR> d-------- c:\users\patrick\AppData\Roaming\Reflexivev1001
2009-01-29 22:17 . 2009-01-29 22:19 <DIR> d-------- c:\users\patrick\AppData\Roaming\MysteryStudio
2009-01-29 00:22 . 2009-01-29 00:22 <DIR> d-------- c:\users\All Users\Alawar Stargaze
2009-01-29 00:22 . 2009-01-29 00:22 <DIR> d-------- c:\programdata\Alawar Stargaze
2009-01-28 00:20 . 2009-01-31 23:06 <DIR> d-------- c:\users\patrick\AppData\Roaming\PlayFirst
2009-01-25 22:24 . 2009-01-25 22:24 <DIR> d-------- c:\users\All Users\BC Soft Games
2009-01-25 22:24 . 2009-01-25 22:24 <DIR> d-------- c:\programdata\BC Soft Games
2009-01-24 21:13 . 2009-01-24 21:13 <DIR> d-------- c:\users\All Users\MysteryChronicles
2009-01-24 21:13 . 2009-01-24 21:13 <DIR> d-------- c:\programdata\MysteryChronicles
2009-01-24 20:47 . 2009-01-24 20:47 <DIR> d-------- c:\users\patrick\AppData\Roaming\Friday's games
2009-01-24 20:44 . 2009-01-24 20:44 <DIR> d-------- c:\users\patrick\AppData\Roaming\SpinTop
2009-01-22 22:37 . 2009-01-28 00:20 <DIR> d-------- c:\users\All Users\PlayFirst
2009-01-22 22:37 . 2009-01-28 00:20 <DIR> d-------- c:\programdata\PlayFirst
2009-01-21 23:22 . 2009-01-21 23:22 <DIR> d-------- c:\users\patrick\AppData\Roaming\SPAMfighter
2009-01-21 23:21 . 2009-02-20 15:57 <DIR> d-------- c:\program files\SPAMfighter
2009-01-21 23:21 . 2009-01-21 23:21 <DIR> d-------- c:\program files\Common Files\Application
2009-01-20 00:17 . 2009-01-20 00:17 <DIR> d-------- c:\users\patrick\AppData\Roaming\blg
2009-01-20 00:17 . 2009-01-20 00:17 <DIR> d-------- c:\users\All Users\blg
2009-01-20 00:17 . 2009-01-20 00:17 <DIR> d-------- c:\programdata\blg
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 18:36 --------- d-----w c:\programdata\Google Updater
2009-02-20 18:13 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-20 18:13 --------- d-----w c:\program files\Java
2009-02-19 15:01 --------- d-----w c:\users\patrick\AppData\Roaming\Tyre
2009-02-18 21:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 20:16 --------- d---a-w c:\programdata\TEMP
2009-02-14 15:14 --------- d-----w c:\programdata\Tyre
2009-02-14 15:14 --------- d-----w c:\program files\Tyre
2009-02-11 21:00 --------- d-----w c:\program files\Windows Mail
2009-02-10 17:27 --------- d-----w c:\users\patrick\AppData\Roaming\LimeWire
2009-01-22 13:30 --------- d-----w c:\users\patrick\AppData\Roaming\gtk-2.0
2009-01-19 09:49 --------- d-----w c:\program files\Google
2009-01-18 19:10 --------- d-----w c:\programdata\Astar Games
2009-01-17 18:40 --------- d-----w c:\programdata\Redrum
2009-01-17 16:51 --------- d-----w c:\programdata\AlawarWrapper
2009-01-11 20:41 --------- d-----w c:\users\patrick\AppData\Roaming\cerasus.media
2009-01-11 19:30 --------- d-----w c:\users\patrick\AppData\Roaming\TMInc
2009-01-09 10:32 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-09 10:32 --------- d-----w c:\program files\Windows Live
2009-01-09 10:32 --------- d-----w c:\program files\Microsoft
2009-01-09 10:29 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-05 22:08 --------- d-----w c:\program files\Acer GameZone
2008-12-25 22:32 --------- d-----w c:\programdata\Media Center Programs
2008-12-25 13:37 --------- d-----w c:\users\patrick\AppData\Roaming\KompoZer
2008-12-23 21:37 --------- d-----w c:\users\patrick\AppData\Roaming\iWin
2008-12-22 13:27 --------- d-----w c:\program files\GIMP-2.0
2008-09-03 21:29 0 ----a-w c:\users\patrick\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-21 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 196128]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-16 325768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-20 148888]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-05 110592]
ASETRES.EXE [2008-04-14 20480]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-03-14 2938184]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-04-21 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERDV~2\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1CD58457-7C8E-48E9-AB4C-A669E1E7A953}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3F8253A3-A6E4-40C2-BBDC-A364AC7AF815}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E2FED11-E839-41B2-B576-6AA00D7AFB8A}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{01F05B0A-CA76-4AC9-9B04-C5D44C7E3567}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{0201CC13-BEBB-484C-97C3-C9B6E8DE02A7}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{F3F996E5-7560-4183-BC66-D4D34A3586C1}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{4CD3A3EE-EF19-4B55-BE42-68232EF46B10}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{2173EC49-7A4D-478D-9A25-7B881E6858A2}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6E91AA7E-15D8-4036-9EF0-FDDD121A4006}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{7E2BF243-A90C-4DD9-A96D-2F4DD13C37EF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{129987DA-224C-4802-8ECB-86EF5920C921}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{22642EC9-6C7A-405F-9D9E-F7C0A6B4A0DF}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{C45D5978-6CE4-473F-A4E3-F96C26A2EDE8}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{64B69508-40F1-443A-960B-54A0B10CAF18}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8166B930-8414-45D2-8282-4C7FC555335A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C3D3CD33-EEEE-417C-98B8-E8726B640BFA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{62AC522E-F2E5-4F34-A891-774AA0F9FC0A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{DA924029-5491-4207-A573-29D9088D574B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{03A4603D-9AEA-417E-BD0F-ECBF97B7689B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-04-21 269448]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-16 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-08-21 42528]
S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2008-01-21 21504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nfrsvc REG_MULTI_SZ NFRAgent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ad43d91-ace1-11dd-bad1-001d92986996}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5171b2f-6f8c-11dd-9069-001d92986996}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Inhoud van de 'Gedeelde Taken' map
2009-02-20 c:\windows\Tasks\User_Feed_Synchronization-{DCFF0330-69DE-4067-B7E3-DD1B4B2E4A88}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
- - - - ORPHANS VERWIJDERD - - - -
HKLM-Run-Setresolution - c:\acersw\config\1440x900.cmd
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-Netlog Music Tool - c:\program files\Netlog Music Tool\NetlogMusicTool.exe
MSConfigStartUp-Smileycons - c:\program files\Smileycons\smileycons.exe

.
------- Bijkomende Scan -------
.
mStart Page = hxxp://nl.intl.acer.yahoo.com
uInternet Settings,ProxyServer = http=localhost:7070
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: chatbabe.be\www
Trusted Zone: demotorsite.be
Trusted Zone: playvillage.be\www
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 19:51:26
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2009-02-20 19:53:03
ComboFix-quarantined-files.txt 2009-02-20 18:53:01
Pre-Run: 106.871.369.728 bytes beschikbaar
Post-Run: 109,255,090,176 bytes beschikbaar
233 --- E O F --- 2009-02-15 12:39:22

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:49, on 20-2-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Race/Images/stg_drm.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 8312 bytes
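
Reading a HijackThis log like the one above is done by eye, but the entries a responder checks first are mechanical enough to script. As an added example, not code from the original thread and not part of HijackThis itself, the Python below parses the Rn/On entry lines and flags the ones worth a second look: the ProxyServer = http=localhost:7070 setting (every browser request is handed to a process listening on this machine before it reaches the network), the BHO registered with "(no file)", autoruns given as a bare file name, an ActiveX control registered from a file:// path, and a service with no recognised publisher. The sample lines are copied from the log above; the flagging rules are my own heuristics, and a flagged line is a lead rather than a verdict (the RtHDVCpl.exe autorun, for instance, is resolved by the ComboFix log further down to c:\windows\RtHDVCpl.exe, the Realtek audio control panel).

```python
"""Triage a HijackThis 2.0 log: parse every Rn/On entry line and flag the ones
that deserve a second look.  Added example (the author's own heuristics, not
HijackThis logic); the sample lines are copied from the log posted above."""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed sample: a handful of lines from the posted HijackThis log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Global Startup: ASETRES.EXE
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Race/Images/stg_drm.ocx
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

# "R1 - <body>", "O23 - <body>", ...; header lines such as "Running processes:" do not match.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# "ProxyServer = http=localhost:7070" / "= 127.0.0.1:8080": proxy bound to this very machine.
LOCAL_PROXY_RE = re.compile(r"=\s*(?:\w+=)?(?:localhost|127\.0\.0\.1):\d+")


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O4"
    reason: str  # why it was flagged
    line: str    # the original log line


def parse_entries(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, body, original line) for each entry line in the log."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("body"), raw.strip()


def o4_target(body: str) -> str:
    r"""Command part of an O4 entry: 'HKLM\..\Run: [Name] cmd' or 'Global Startup: file'."""
    return body.split("] ", 1)[1] if "] " in body else body.split(": ", 1)[-1]


def classify(kind: str, body: str) -> Optional[str]:
    """Return a reason string if this entry is suspicious, else None."""
    if kind == "R1" and "ProxyServer" in body and LOCAL_PROXY_RE.search(body):
        # Every browser request passes through a process on this machine first.
        return "browser proxied through a local port"
    if kind == "O1" and "localhost" not in body:
        # Vista's default hosts entries only map localhost; anything else is an override.
        return "hosts-file override for a non-loopback name"
    if kind == "O2" and body.endswith("(no file)"):
        return "orphaned BHO registration (DLL gone, CLSID still loaded by IE)"
    if kind == "O4" and "\\" not in o4_target(body):
        # No directory given: the loader finds the file by search order, so it could live anywhere.
        return "autorun with bare filename, resolved by path search"
    if kind == "O16" and "file://" in body:
        return "ActiveX control registered from a local file:// path"
    if kind == "O23" and "Unknown owner" in body:
        return "service binary without a recognised publisher"
    return None


def triage(text: str) -> List[Finding]:
    """All flagged entries of a log, in log order."""
    findings = []
    for kind, body, line in parse_entries(text):
        reason = classify(kind, body)
        if reason:
            findings.append(Finding(kind, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason:<60} {f.line}")
```

Run as-is it prints six findings from the sample; the O1 line and the Adobe BHO pass because a loopback hosts entry and a BHO with a real DLL path are exactly what a clean Vista install looks like. Feed it a full log (`triage(open("hijackthis.log").read())`) and review the flagged lines against the running-process list before deleting anything.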

Black_Bird
20 February 2009, 21:26
Hi,

Open a Notepad file.
Copy the code below and paste it into the Notepad file.

File::
c:\windows\nl49f4d98.dat
c:\windows\nl07.exe
c:\windows\nlmark2.dat
c:\windows\f5667t5.dat

Save the Notepad file as CFScript.txt.
Now drag the CFScript.txt file onto ComboFix.exe.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
ComboFix will start again.
When ComboFix is finished (this may be after a restart), a logfile will open.
Post the contents of the logfile.

gooz
20 February 2009, 21:58
Hi,
My PC did restart, but ComboFix did not start; in any case I have no logfile.
BUT could it be that the problem is solved? Every time after starting the PC I got those messages from Avira that there was a virus, up to four times, and now I have started the PC twice without any message?

Regards

Black_Bird
20 February 2009, 22:06
Hi,

Could be, but I can't confirm it.
You can find the logfile as C:\ComboFix.txt. So please post it :)

gooz
20 February 2009, 22:13
This is all I can find of it:

ComboFix 09-02-19.01 - patrick 2009-02-20 20:47:33.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3071.2081 [GMT 1:00]
Running from: C:\Users\patrick\Desktop\ComboFix.exe
Command switches used :: C:\Users\patrick\Documents\CFScript.txt
* Created a new restore point
FILE ::
c:\windows\f5667t5.dat
c:\windows\nl07.exe
c:\windows\nl49f4d98.dat
c:\windows\nlmark2.dat

Black_Bird
20 February 2009, 22:14
Hi,

Please run a new scan with ComboFix and post the result. :)

gooz
20 February 2009, 22:25
ComboFix 09-02-19.01 - patrick 2009-02-20 21:16:01.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3071.2202 [GMT 1:00]
Running from: c:\users\patrick\Desktop\ComboFix.exe
.
(((((((((((((((((((( Files Created from 2009-01-20 to 2009-02-20 ))))))))))))))))))))))))))))))
.
2009-02-20 20:49 . 2009-02-20 20:49 235,326,054 --a------ c:\windows\MEMORY.DMP
2009-02-20 19:33 . 2009-02-20 19:33 <DIR> d-------- c:\windows\BDOSCAN8
2009-02-20 19:15 . 2009-02-20 19:31 <DIR> d-------- c:\users\patrick\.housecall6.6
2009-02-20 16:57 . 2009-02-20 16:57 <DIR> d-------- c:\program files\Trend Micro
2009-02-18 22:30 . 2009-02-18 22:30 <DIR> d-------- c:\users\patrick\AppData\Roaming\InstallShield
2009-02-16 23:38 . 2009-02-16 23:38 <DIR> d-------- c:\users\patrick\AppData\Roaming\GTOPALA
2009-02-16 22:18 . 2009-02-20 21:04 65,536 --------- c:\windows\System32\Ikeext.etl
2009-02-15 19:58 . 2009-02-15 20:13 399 ---h----- c:\windows\nl49f4d98.dat
2009-02-15 19:57 . 2009-02-15 19:57 22,528 ---h----- c:\windows\nl07.exe
2009-02-15 19:57 . 2009-02-15 19:57 1 ---h----- c:\windows\nlmark2.dat
2009-02-15 19:56 . 2009-02-15 19:56 1 ---h----- c:\windows\f5667t5.dat
2009-02-15 11:53 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 11:53 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 11:53 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 11:53 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 11:53 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-12 19:17 . 2009-02-12 19:17 <DIR> d-------- c:\windows\Mystery P I The New York Fortune
2009-02-12 19:17 . 2009-02-12 19:17 <DIR> d-------- c:\program files\Mystery P I The New York Fortune
2009-02-12 19:10 . 2009-02-12 19:10 <DIR> d-------- c:\windows\Adventure Chronicles The Search for Lost Treasure
2009-02-12 19:00 . 2009-02-12 19:00 <DIR> d-------- c:\windows\The Mystery of the Crystal Portal
2009-02-12 19:00 . 2009-02-12 19:00 <DIR> d-------- c:\program files\The Mystery of the Crystal Portal
2009-02-12 18:29 . 2009-02-12 18:29 <DIR> d-------- c:\users\patrick\AppData\Roaming\Mushroom Age
2009-02-12 18:26 . 2009-02-12 18:26 <DIR> d-------- c:\windows\Mushroom Age
2009-02-12 18:26 . 2009-02-12 18:27 <DIR> d-------- c:\program files\Mushroom Age
2009-02-12 18:25 . 2009-02-12 18:25 <DIR> d-------- c:\windows\Alabama Smithin Escape from Pompeii
2009-02-12 18:25 . 2009-02-12 18:25 <DIR> d-------- c:\program files\Alabama Smithin Escape from Pompeii
2009-02-12 00:44 . 2009-02-12 00:44 <DIR> d-------- c:\users\patrick\AppData\Roaming\Gogii Games
2009-02-12 00:44 . 2009-02-12 00:44 <DIR> d-------- c:\users\All Users\Gogii Games
2009-02-12 00:44 . 2009-02-12 00:44 <DIR> d-------- c:\programdata\Gogii Games
2009-02-11 16:08 . 2009-02-11 16:08 <DIR> d-------- c:\windows\Righteous Kill
2009-02-11 16:08 . 2009-02-11 16:08 <DIR> d-------- c:\program files\Righteous Kill
2009-02-11 14:57 . 2009-02-11 14:57 <DIR> d-------- c:\windows\Magic Encyclopedia First Story
2009-02-11 14:57 . 2009-02-11 14:59 <DIR> d-------- c:\program files\Magic Encyclopedia First Story
2009-02-11 13:44 . 2009-02-17 21:28 <DIR> d-------- c:\program files\Games
2009-02-11 13:31 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 13:31 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 21:57 . 2009-02-10 21:57 <DIR> d-------- c:\users\patrick\AppData\Roaming\panoramik
2009-02-10 21:56 . 2009-02-10 21:56 <DIR> d-------- c:\program files\MumboJumbo
2009-02-10 18:42 . 2009-02-17 21:29 <DIR> d-------- c:\users\patrick\AppData\Roaming\uTorrent
2009-02-10 18:42 . 2009-02-10 18:42 <DIR> d-------- c:\program files\uTorrent
2009-02-08 20:31 . 2009-02-08 20:31 <DIR> d-------- c:\users\All Users\Dekovir
2009-02-08 20:31 . 2009-02-08 20:31 <DIR> d-------- c:\programdata\Dekovir
2009-02-08 18:12 . 2009-02-08 18:12 <DIR> d-------- c:\users\All Users\GameHouse
2009-02-08 18:12 . 2009-02-08 18:12 <DIR> d-------- c:\programdata\GameHouse
2009-02-08 15:57 . 2009-02-08 15:57 <DIR> d-------- c:\users\All Users\TheRace_dev
2009-02-08 15:57 . 2009-02-08 15:57 <DIR> d-------- c:\programdata\TheRace_dev
2009-02-08 14:47 . 2009-02-08 14:47 <DIR> d-------- c:\users\patrick\AppData\Roaming\Dragon Altar Games
2009-02-08 14:22 . 2009-02-08 14:22 <DIR> d-------- c:\program files\Vuze
2009-02-07 14:33 . 2009-02-07 23:58 <DIR> d-------- c:\users\All Users\MumboJumbo
2009-02-07 14:33 . 2009-02-07 23:58 <DIR> d-------- c:\programdata\MumboJumbo
2009-02-06 22:11 . 2009-02-06 22:15 <DIR> d-------- c:\users\All Users\Nick Chase A Detective Story
2009-02-06 22:11 . 2009-02-06 22:15 <DIR> d-------- c:\programdata\Nick Chase A Detective Story
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-06 00:55 . 2009-02-11 00:43 <DIR> d-------- c:\users\patrick\AppData\Roaming\Azureus
2009-02-06 00:55 . 2009-02-06 00:55 <DIR> d-------- c:\users\All Users\Azureus
2009-02-06 00:55 . 2009-02-06 00:55 <DIR> d-------- c:\programdata\Azureus
2009-02-04 21:07 . 2009-02-13 14:02 <DIR> d-------- c:\users\All Users\AdventureChronicles1
2009-02-04 21:07 . 2009-02-13 14:02 <DIR> d-------- c:\programdata\AdventureChronicles1
2009-02-03 21:43 . 2009-02-03 21:43 <DIR> d-------- c:\users\patrick\AppData\Roaming\SpinTop Games
2009-02-01 00:07 . 2009-02-01 00:07 <DIR> d-------- c:\users\patrick\AppData\Roaming\Talkback
2009-01-31 23:05 . 2009-02-01 00:08 <DIR> d-------- c:\users\Public\RealArcade
2009-01-31 23:05 . 2009-01-31 23:05 <DIR> d-------- c:\users\All Users\Mozilla
2009-01-31 23:05 . 2009-02-01 00:08 <DIR> d-------- c:\program files\RealArcade
2009-01-31 23:05 . 2009-02-01 00:08 <DIR> d-------- C:\My Games
2009-01-31 23:05 . 2009-01-31 23:05 0 --a------ c:\windows\nsreg.dat
2009-01-31 22:21 . 2009-01-31 22:21 <DIR> d-------- c:\users\All Users\WildWestQuest2
2009-01-31 22:21 . 2009-01-31 22:21 <DIR> d-------- c:\programdata\WildWestQuest2
2009-01-29 22:57 . 2009-01-29 23:02 <DIR> d-------- c:\users\patrick\AppData\Roaming\Mysteryville2
2009-01-29 22:22 . 2009-01-29 22:22 <DIR> d-------- c:\users\patrick\AppData\Roaming\Reflexivev1001
2009-01-29 22:17 . 2009-01-29 22:19 <DIR> d-------- c:\users\patrick\AppData\Roaming\MysteryStudio
2009-01-29 00:22 . 2009-01-29 00:22 <DIR> d-------- c:\users\All Users\Alawar Stargaze
2009-01-29 00:22 . 2009-01-29 00:22 <DIR> d-------- c:\programdata\Alawar Stargaze
2009-01-28 00:20 . 2009-01-31 23:06 <DIR> d-------- c:\users\patrick\AppData\Roaming\PlayFirst
2009-01-25 22:24 . 2009-01-25 22:24 <DIR> d-------- c:\users\All Users\BC Soft Games
2009-01-25 22:24 . 2009-01-25 22:24 <DIR> d-------- c:\programdata\BC Soft Games
2009-01-24 21:13 . 2009-01-24 21:13 <DIR> d-------- c:\users\All Users\MysteryChronicles
2009-01-24 21:13 . 2009-01-24 21:13 <DIR> d-------- c:\programdata\MysteryChronicles
2009-01-24 20:47 . 2009-01-24 20:47 <DIR> d-------- c:\users\patrick\AppData\Roaming\Friday's games
2009-01-24 20:44 . 2009-01-24 20:44 <DIR> d-------- c:\users\patrick\AppData\Roaming\SpinTop
2009-01-22 22:37 . 2009-01-28 00:20 <DIR> d-------- c:\users\All Users\PlayFirst
2009-01-22 22:37 . 2009-01-28 00:20 <DIR> d-------- c:\programdata\PlayFirst
2009-01-21 23:22 . 2009-01-21 23:22 <DIR> d-------- c:\users\patrick\AppData\Roaming\SPAMfighter
2009-01-21 23:21 . 2009-02-20 21:05 <DIR> d-------- c:\program files\SPAMfighter
2009-01-21 23:21 . 2009-01-21 23:21 <DIR> d-------- c:\program files\Common Files\Application
2009-01-20 00:17 . 2009-01-20 00:17 <DIR> d-------- c:\users\patrick\AppData\Roaming\blg
2009-01-20 00:17 . 2009-01-20 00:17 <DIR> d-------- c:\users\All Users\blg
2009-01-20 00:17 . 2009-01-20 00:17 <DIR> d-------- c:\programdata\blg
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 18:36 --------- d-----w c:\programdata\Google Updater
2009-02-20 18:13 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-20 18:13 --------- d-----w c:\program files\Java
2009-02-19 15:01 --------- d-----w c:\users\patrick\AppData\Roaming\Tyre
2009-02-18 21:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 20:16 --------- d---a-w c:\programdata\TEMP
2009-02-14 15:14 --------- d-----w c:\programdata\Tyre
2009-02-14 15:14 --------- d-----w c:\program files\Tyre
2009-02-11 21:00 --------- d-----w c:\program files\Windows Mail
2009-02-10 17:27 --------- d-----w c:\users\patrick\AppData\Roaming\LimeWire
2009-01-22 13:30 --------- d-----w c:\users\patrick\AppData\Roaming\gtk-2.0
2009-01-19 09:49 --------- d-----w c:\program files\Google
2009-01-18 19:10 --------- d-----w c:\programdata\Astar Games
2009-01-17 18:40 --------- d-----w c:\programdata\Redrum
2009-01-17 16:51 --------- d-----w c:\programdata\AlawarWrapper
2009-01-11 20:41 --------- d-----w c:\users\patrick\AppData\Roaming\cerasus.media
2009-01-11 19:30 --------- d-----w c:\users\patrick\AppData\Roaming\TMInc
2009-01-09 10:32 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-09 10:32 --------- d-----w c:\program files\Windows Live
2009-01-09 10:32 --------- d-----w c:\program files\Microsoft
2009-01-09 10:29 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-05 22:08 --------- d-----w c:\program files\Acer GameZone
2008-12-25 22:32 --------- d-----w c:\programdata\Media Center Programs
2008-12-25 13:37 --------- d-----w c:\users\patrick\AppData\Roaming\KompoZer
2008-12-23 21:37 --------- d-----w c:\users\patrick\AppData\Roaming\iWin
2008-12-22 13:27 --------- d-----w c:\program files\GIMP-2.0
2008-09-03 21:29 0 ----a-w c:\users\patrick\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-02-20_19.51.52,27 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-20 14:55:56 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-20 20:04:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-20 14:55:56 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-20 20:04:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-20 18:51:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-20 20:06:20 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-20 20:06:20 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-20 14:25:36 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-20 19:07:32 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-20 14:25:36 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-20 19:07:32 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-20 14:25:36 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-20 19:07:32 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-20 18:51:04 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-20 20:06:15 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-20 20:06:15 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-20 18:46:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-20 20:04:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-20 18:46:56 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-20 20:04:55 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-20 18:46:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-20 20:04:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-20 15:01:56 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-20 20:11:19 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-20 15:01:56 126,648 ----a-w c:\windows\System32\perfc013.dat
+ 2009-02-20 20:11:19 126,648 ----a-w c:\windows\System32\perfc013.dat
- 2009-02-20 15:01:56 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-20 20:11:19 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-20 15:01:56 667,114 ----a-w c:\windows\System32\perfh013.dat
+ 2009-02-20 20:11:19 667,114 ----a-w c:\windows\System32\perfh013.dat
- 2009-02-20 14:57:43 9,534 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3563774019-1998820256-1686892039-1000_UserData.bin
+ 2009-02-20 20:06:31 9,754 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3563774019-1998820256-1686892039-1000_UserData.bin
- 2009-02-20 14:57:43 76,562 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-20 20:06:31 76,664 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-20 14:57:42 62,646 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-20 20:06:31 62,646 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-21 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 196128]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-16 325768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-20 148888]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-05 110592]
ASETRES.EXE [2008-04-14 20480]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-03-14 2938184]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-04-21 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERDV~2\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1CD58457-7C8E-48E9-AB4C-A669E1E7A953}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3F8253A3-A6E4-40C2-BBDC-A364AC7AF815}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E2FED11-E839-41B2-B576-6AA00D7AFB8A}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{01F05B0A-CA76-4AC9-9B04-C5D44C7E3567}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{0201CC13-BEBB-484C-97C3-C9B6E8DE02A7}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{F3F996E5-7560-4183-BC66-D4D34A3586C1}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{4CD3A3EE-EF19-4B55-BE42-68232EF46B10}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{2173EC49-7A4D-478D-9A25-7B881E6858A2}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6E91AA7E-15D8-4036-9EF0-FDDD121A4006}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{7E2BF243-A90C-4DD9-A96D-2F4DD13C37EF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{129987DA-224C-4802-8ECB-86EF5920C921}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{22642EC9-6C7A-405F-9D9E-F7C0A6B4A0DF}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{C45D5978-6CE4-473F-A4E3-F96C26A2EDE8}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{64B69508-40F1-443A-960B-54A0B10CAF18}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8166B930-8414-45D2-8282-4C7FC555335A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C3D3CD33-EEEE-417C-98B8-E8726B640BFA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{62AC522E-F2E5-4F34-A891-774AA0F9FC0A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{DA924029-5491-4207-A573-29D9088D574B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{03A4603D-9AEA-417E-BD0F-ECBF97B7689B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-04-21 269448]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-16 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-08-21 42528]
S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2008-01-21 21504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nfrsvc REG_MULTI_SZ NFRAgent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ad43d91-ace1-11dd-bad1-001d92986996}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5171b2f-6f8c-11dd-9069-001d92986996}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-20 c:\windows\Tasks\User_Feed_Synchronization-{DCFF0330-69DE-4067-B7E3-DD1B4B2E4A88}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://nl.intl.acer.yahoo.com
uInternet Settings,ProxyServer = http=localhost:7070
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: chatbabe.be\www
Trusted Zone: demotorsite.be
Trusted Zone: playvillage.be\www
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 21:17:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\users\patrick\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2009-02-20 21:19:04
ComboFix-quarantined-files.txt 2009-02-20 20:19:02
ComboFix2.txt 2009-02-20 18:53:04
Pre-Run: 112,166,989,824 bytes free
Post-Run: 112,133,541,888 bytes free
266 --- E O F --- 2009-02-15 12:39:22
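
The four hidden files ComboFix lists in the root of c:\windows (nl49f4d98.dat, nl07.exe, nlmark2.dat, f5667t5.dat) were all created within two minutes of each other on 2009-02-15, and that pattern, a burst of hidden files dropped straight into the Windows directory, is what the helper's CFScript targets. As an added example, not part of the original thread and not ComboFix code, the Python below parses the "Files Created" section of such a log and reports both signals: hidden files directly in the Windows directory, and groups of files created in one folder within a few minutes of each other. The sample listing is copied from the log above; the five-minute window is an arbitrary choice, and the parser only understands the "Files Created" line format (the Find3M and snapshot sections use a different layout and are skipped). One caveat when reading the rest of the log: the single hidden file the catchme rootkit scan reports, catchme.dll in the user's Temp folder, is catchme's own component and not a finding.

```python
"""Parse the "Files Created" section of a ComboFix log and pull out two things a
responder looks for: hidden files dropped straight into the Windows directory,
and bursts of files created within minutes of each other in one folder.
Added example (the author's own, not ComboFix code); the listing below is
copied from the log posted in this thread."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample: lines taken from the "Files Created" section above.
SAMPLE_LISTING = r"""
2009-02-20 19:33 . 2009-02-20 19:33 <DIR> d-------- c:\windows\BDOSCAN8
2009-02-15 19:58 . 2009-02-15 20:13 399 ---h----- c:\windows\nl49f4d98.dat
2009-02-15 19:57 . 2009-02-15 19:57 22,528 ---h----- c:\windows\nl07.exe
2009-02-15 19:57 . 2009-02-15 19:57 1 ---h----- c:\windows\nlmark2.dat
2009-02-15 19:56 . 2009-02-15 19:56 1 ---h----- c:\windows\f5667t5.dat
2009-02-15 11:53 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-01-31 23:05 . 2009-01-31 23:05 0 --a------ c:\windows\nsreg.dat
"""

# "<created> . <modified> <size or <DIR>> <9-char attribute string> <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(<DIR>|[\d,]+)\s+(\S{9})\s+(.+)$"
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories
    attrs: str           # e.g. "---h-----": 'd' directory, 'h' hidden, 'a' archive
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def parent(self) -> str:
        # Folder part of the path, lower-cased so c:\windows and c:\Windows compare equal.
        return self.path.rsplit("\\", 1)[0].lower()


def parse_listing(text: str) -> List[Entry]:
    """Parse 'Files Created' lines; lines in any other ComboFix layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            size=None if size == "<DIR>" else int(size.replace(",", "")),
            attrs=attrs,
            path=path,
        ))
    return entries


def hidden_in_windows_root(entries: List[Entry]) -> List[Entry]:
    """Hidden, non-directory files sitting directly in the Windows directory (not a subfolder)."""
    return [e for e in entries if e.is_hidden and not e.is_dir and e.parent == r"c:\windows"]


def creation_clusters(entries: List[Entry],
                      window: timedelta = timedelta(minutes=5)) -> List[List[Entry]]:
    """Groups of two or more files (directories ignored) in the same folder, each created
    within `window` of the previous one.  Files are sorted by creation time first."""
    files = sorted((e for e in entries if not e.is_dir), key=lambda e: e.created)
    clusters: List[List[Entry]] = []
    current: List[Entry] = []
    for e in files:
        if current and e.parent == current[-1].parent and e.created - current[-1].created <= window:
            current.append(e)
        else:
            if len(current) > 1:
                clusters.append(current)
            current = [e]
    if len(current) > 1:
        clusters.append(current)
    return clusters


if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    print("hidden files in the Windows directory root:")
    for e in hidden_in_windows_root(entries):
        print(f"  {e.created:%Y-%m-%d %H:%M}  {e.size:>8}  {e.path}")
    for cluster in creation_clusters(entries):
        print(f"burst of {len(cluster)} files in {cluster[0].parent} "
              f"between {cluster[0].created:%H:%M} and {cluster[-1].created:%H:%M}")
```

On the sample this reports the four hidden files and one burst (19:56 to 19:58 in c:\windows); EncDec.dll is left alone because it sits in System32 on its own, and its modified time predating its created time is the normal signature of a file copied in by Windows Update rather than written by a dropper.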

Black_Bird
20 February 2009, 22:57
Hi,

Run the CFScript again and post the log. :)

gooz
20 February 2009, 23:23
Now it seems to have worked :-)

ComboFix 09-02-19.01 - patrick 2009-02-20 22:08:43.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3071.1925 [GMT 1:00]
Running from: c:\users\patrick\Desktop\ComboFix.exe
Command switches used :: c:\users\patrick\Documents\CFScript.txt
* Created a new restore point
.
(((((((((((((((((((( Files Created from 2009-01-20 to 2009-02-20 ))))))))))))))))))))))))))))))
.
2009-02-20 22:07 . 2009-02-20 22:07 <DIR> d-------- C:\32788R22FWJFW
2009-02-20 20:49 . 2009-02-20 20:49 235,326,054 --a------ c:\windows\MEMORY.DMP
2009-02-20 19:33 . 2009-02-20 19:33 <DIR> d-------- c:\windows\BDOSCAN8
2009-02-20 19:15 . 2009-02-20 19:31 <DIR> d-------- c:\users\patrick\.housecall6.6
2009-02-20 16:57 . 2009-02-20 16:57 <DIR> d-------- c:\program files\Trend Micro
2009-02-18 22:30 . 2009-02-18 22:30 <DIR> d-------- c:\users\patrick\AppData\Roaming\InstallShield
2009-02-16 23:38 . 2009-02-16 23:38 <DIR> d-------- c:\users\patrick\AppData\Roaming\GTOPALA
2009-02-16 22:18 . 2009-02-20 21:22 65,536 --------- c:\windows\System32\Ikeext.etl
2009-02-15 19:58 . 2009-02-15 20:13 399 ---h----- c:\windows\nl49f4d98.dat
2009-02-15 19:57 . 2009-02-15 19:57 22,528 ---h----- c:\windows\nl07.exe
2009-02-15 19:57 . 2009-02-15 19:57 1 ---h----- c:\windows\nlmark2.dat
2009-02-15 19:56 . 2009-02-15 19:56 1 ---h----- c:\windows\f5667t5.dat
2009-02-15 11:53 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 11:53 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 11:53 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 11:53 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 11:53 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-12 19:17 . 2009-02-12 19:17 <DIR> d-------- c:\windows\Mystery P I The New York Fortune
2009-02-12 19:17 . 2009-02-12 19:17 <DIR> d-------- c:\program files\Mystery P I The New York Fortune
2009-02-12 19:10 . 2009-02-12 19:10 <DIR> d-------- c:\windows\Adventure Chronicles The Search for Lost Treasure
2009-02-12 19:00 . 2009-02-12 19:00 <DIR> d-------- c:\windows\The Mystery of the Crystal Portal
2009-02-12 19:00 . 2009-02-12 19:00 <DIR> d-------- c:\program files\The Mystery of the Crystal Portal
2009-02-12 18:29 . 2009-02-12 18:29 <DIR> d-------- c:\users\patrick\AppData\Roaming\Mushroom Age
2009-02-12 18:26 . 2009-02-12 18:26 <DIR> d-------- c:\windows\Mushroom Age
2009-02-12 18:26 . 2009-02-12 18:27 <DIR> d-------- c:\program files\Mushroom Age
2009-02-12 18:25 . 2009-02-12 18:25 <DIR> d-------- c:\windows\Alabama Smithin Escape from Pompeii
2009-02-12 18:25 . 2009-02-12 18:25 <DIR> d-------- c:\program files\Alabama Smithin Escape from Pompeii
2009-02-12 00:44 . 2009-02-12 00:44 <DIR> d-------- c:\users\patrick\AppData\Roaming\Gogii Games
2009-02-12 00:44 . 2009-02-12 00:44 <DIR> d-------- c:\users\All Users\Gogii Games
2009-02-12 00:44 . 2009-02-12 00:44 <DIR> d-------- c:\programdata\Gogii Games
2009-02-11 16:08 . 2009-02-11 16:08 <DIR> d-------- c:\windows\Righteous Kill
2009-02-11 16:08 . 2009-02-11 16:08 <DIR> d-------- c:\program files\Righteous Kill
2009-02-11 14:57 . 2009-02-11 14:57 <DIR> d-------- c:\windows\Magic Encyclopedia First Story
2009-02-11 14:57 . 2009-02-11 14:59 <DIR> d-------- c:\program files\Magic Encyclopedia First Story
2009-02-11 13:44 . 2009-02-17 21:28 <DIR> d-------- c:\program files\Games
2009-02-11 13:31 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 13:31 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 21:57 . 2009-02-10 21:57 <DIR> d-------- c:\users\patrick\AppData\Roaming\panoramik
2009-02-10 21:56 . 2009-02-10 21:56 <DIR> d-------- c:\program files\MumboJumbo
2009-02-10 18:42 . 2009-02-17 21:29 <DIR> d-------- c:\users\patrick\AppData\Roaming\uTorrent
2009-02-10 18:42 . 2009-02-10 18:42 <DIR> d-------- c:\program files\uTorrent
2009-02-08 20:31 . 2009-02-08 20:31 <DIR> d-------- c:\users\All Users\Dekovir
2009-02-08 20:31 . 2009-02-08 20:31 <DIR> d-------- c:\programdata\Dekovir
2009-02-08 18:12 . 2009-02-08 18:12 <DIR> d-------- c:\users\All Users\GameHouse
2009-02-08 18:12 . 2009-02-08 18:12 <DIR> d-------- c:\programdata\GameHouse
2009-02-08 15:57 . 2009-02-08 15:57 <DIR> d-------- c:\users\All Users\TheRace_dev
2009-02-08 15:57 . 2009-02-08 15:57 <DIR> d-------- c:\programdata\TheRace_dev
2009-02-08 14:47 . 2009-02-08 14:47 <DIR> d-------- c:\users\patrick\AppData\Roaming\Dragon Altar Games
2009-02-08 14:22 . 2009-02-08 14:22 <DIR> d-------- c:\program files\Vuze
2009-02-07 14:33 . 2009-02-07 23:58 <DIR> d-------- c:\users\All Users\MumboJumbo
2009-02-07 14:33 . 2009-02-07 23:58 <DIR> d-------- c:\programdata\MumboJumbo
2009-02-06 22:11 . 2009-02-06 22:15 <DIR> d-------- c:\users\All Users\Nick Chase A Detective Story
2009-02-06 22:11 . 2009-02-06 22:15 <DIR> d-------- c:\programdata\Nick Chase A Detective Story
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-06 00:55 . 2009-02-11 00:43 <DIR> d-------- c:\users\patrick\AppData\Roaming\Azureus
2009-02-06 00:55 . 2009-02-06 00:55 <DIR> d-------- c:\users\All Users\Azureus
2009-02-06 00:55 . 2009-02-06 00:55 <DIR> d-------- c:\programdata\Azureus
2009-02-04 21:07 . 2009-02-13 14:02 <DIR> d-------- c:\users\All Users\AdventureChronicles1
2009-02-04 21:07 . 2009-02-13 14:02 <DIR> d-------- c:\programdata\AdventureChronicles1
2009-02-03 21:43 . 2009-02-03 21:43 <DIR> d-------- c:\users\patrick\AppData\Roaming\SpinTop Games
2009-02-01 00:07 . 2009-02-01 00:07 <DIR> d-------- c:\users\patrick\AppData\Roaming\Talkback
2009-01-31 23:05 . 2009-02-01 00:08 <DIR> d-------- c:\users\Public\RealArcade
2009-01-31 23:05 . 2009-01-31 23:05 <DIR> d-------- c:\users\All Users\Mozilla
2009-01-31 23:05 . 2009-02-01 00:08 <DIR> d-------- c:\program files\RealArcade
2009-01-31 23:05 . 2009-02-01 00:08 <DIR> d-------- C:\My Games
2009-01-31 23:05 . 2009-01-31 23:05 0 --a------ c:\windows\nsreg.dat
2009-01-31 22:21 . 2009-01-31 22:21 <DIR> d-------- c:\users\All Users\WildWestQuest2
2009-01-31 22:21 . 2009-01-31 22:21 <DIR> d-------- c:\programdata\WildWestQuest2
2009-01-29 22:57 . 2009-01-29 23:02 <DIR> d-------- c:\users\patrick\AppData\Roaming\Mysteryville2
2009-01-29 22:22 . 2009-01-29 22:22 <DIR> d-------- c:\users\patrick\AppData\Roaming\Reflexivev1001
2009-01-29 22:17 . 2009-01-29 22:19 <DIR> d-------- c:\users\patrick\AppData\Roaming\MysteryStudio
2009-01-29 00:22 . 2009-01-29 00:22 <DIR> d-------- c:\users\All Users\Alawar Stargaze
2009-01-29 00:22 . 2009-01-29 00:22 <DIR> d-------- c:\programdata\Alawar Stargaze
2009-01-28 00:20 . 2009-01-31 23:06 <DIR> d-------- c:\users\patrick\AppData\Roaming\PlayFirst
2009-01-25 22:24 . 2009-01-25 22:24 <DIR> d-------- c:\users\All Users\BC Soft Games
2009-01-25 22:24 . 2009-01-25 22:24 <DIR> d-------- c:\programdata\BC Soft Games
2009-01-24 21:13 . 2009-01-24 21:13 <DIR> d-------- c:\users\All Users\MysteryChronicles
2009-01-24 21:13 . 2009-01-24 21:13 <DIR> d-------- c:\programdata\MysteryChronicles
2009-01-24 20:47 . 2009-01-24 20:47 <DIR> d-------- c:\users\patrick\AppData\Roaming\Friday's games
2009-01-24 20:44 . 2009-01-24 20:44 <DIR> d-------- c:\users\patrick\AppData\Roaming\SpinTop
2009-01-22 22:37 . 2009-01-28 00:20 <DIR> d-------- c:\users\All Users\PlayFirst
2009-01-22 22:37 . 2009-01-28 00:20 <DIR> d-------- c:\programdata\PlayFirst
2009-01-21 23:22 . 2009-01-21 23:22 <DIR> d-------- c:\users\patrick\AppData\Roaming\SPAMfighter
2009-01-21 23:21 . 2009-02-20 21:23 <DIR> d-------- c:\program files\SPAMfighter
2009-01-21 23:21 . 2009-01-21 23:21 <DIR> d-------- c:\program files\Common Files\Application
2009-01-20 00:17 . 2009-01-20 00:17 <DIR> d-------- c:\users\patrick\AppData\Roaming\blg
2009-01-20 00:17 . 2009-01-20 00:17 <DIR> d-------- c:\users\All Users\blg
2009-01-20 00:17 . 2009-01-20 00:17 <DIR> d-------- c:\programdata\blg
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 18:36 --------- d-----w c:\programdata\Google Updater
2009-02-20 18:13 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-20 18:13 --------- d-----w c:\program files\Java
2009-02-19 15:01 --------- d-----w c:\users\patrick\AppData\Roaming\Tyre
2009-02-18 21:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 20:16 --------- d---a-w c:\programdata\TEMP
2009-02-14 15:14 --------- d-----w c:\programdata\Tyre
2009-02-14 15:14 --------- d-----w c:\program files\Tyre
2009-02-11 21:00 --------- d-----w c:\program files\Windows Mail
2009-02-10 17:27 --------- d-----w c:\users\patrick\AppData\Roaming\LimeWire
2009-01-22 13:30 --------- d-----w c:\users\patrick\AppData\Roaming\gtk-2.0
2009-01-19 09:49 --------- d-----w c:\program files\Google
2009-01-18 19:10 --------- d-----w c:\programdata\Astar Games
2009-01-17 18:40 --------- d-----w c:\programdata\Redrum
2009-01-17 16:51 --------- d-----w c:\programdata\AlawarWrapper
2009-01-11 20:41 --------- d-----w c:\users\patrick\AppData\Roaming\cerasus.media
2009-01-11 19:30 --------- d-----w c:\users\patrick\AppData\Roaming\TMInc
2009-01-09 10:32 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-09 10:32 --------- d-----w c:\program files\Windows Live
2009-01-09 10:32 --------- d-----w c:\program files\Microsoft
2009-01-09 10:29 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-05 22:08 --------- d-----w c:\program files\Acer GameZone
2008-12-25 22:32 --------- d-----w c:\programdata\Media Center Programs
2008-12-25 13:37 --------- d-----w c:\users\patrick\AppData\Roaming\KompoZer
2008-12-23 21:37 --------- d-----w c:\users\patrick\AppData\Roaming\iWin
2008-12-22 13:27 --------- d-----w c:\program files\GIMP-2.0
2008-09-03 21:29 0 ----a-w c:\users\patrick\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot_2009-02-20_21.17.52.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-20 20:04:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-20 20:21:56 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-20 20:04:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-20 20:21:56 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-16 21:14:13 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-20 20:19:50 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-16 21:14:13 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-20 20:19:50 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-16 21:14:13 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-20 20:19:50 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-20 20:06:20 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-20 20:23:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-20 20:23:17 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-20 20:06:15 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-20 20:23:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-20 20:23:22 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-20 20:04:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-20 21:11:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-20 20:04:55 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-20 21:11:55 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-20 20:04:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-20 21:11:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-20 20:11:19 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-20 20:27:47 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-20 20:11:19 126,648 ----a-w c:\windows\System32\perfc013.dat
+ 2009-02-20 20:27:47 126,648 ----a-w c:\windows\System32\perfc013.dat
- 2009-02-20 20:11:19 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-20 20:27:47 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-20 20:11:19 667,114 ----a-w c:\windows\System32\perfh013.dat
+ 2009-02-20 20:27:47 667,114 ----a-w c:\windows\System32\perfh013.dat
- 2009-02-20 20:06:31 9,754 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3563774019-1998820256-1686892039-1000_UserData.bin
+ 2009-02-20 20:23:42 9,754 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3563774019-1998820256-1686892039-1000_UserData.bin
- 2009-02-20 20:06:31 76,664 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-20 20:23:42 76,664 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-20 20:06:31 62,646 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-20 20:23:42 62,646 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-21 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 196128]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-16 325768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-20 148888]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-05 110592]
ASETRES.EXE [2008-04-14 20480]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-03-14 2938184]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-04-21 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERDV~2\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1CD58457-7C8E-48E9-AB4C-A669E1E7A953}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3F8253A3-A6E4-40C2-BBDC-A364AC7AF815}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E2FED11-E839-41B2-B576-6AA00D7AFB8A}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{01F05B0A-CA76-4AC9-9B04-C5D44C7E3567}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{0201CC13-BEBB-484C-97C3-C9B6E8DE02A7}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{F3F996E5-7560-4183-BC66-D4D34A3586C1}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{4CD3A3EE-EF19-4B55-BE42-68232EF46B10}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{2173EC49-7A4D-478D-9A25-7B881E6858A2}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6E91AA7E-15D8-4036-9EF0-FDDD121A4006}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{7E2BF243-A90C-4DD9-A96D-2F4DD13C37EF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{129987DA-224C-4802-8ECB-86EF5920C921}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{22642EC9-6C7A-405F-9D9E-F7C0A6B4A0DF}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{C45D5978-6CE4-473F-A4E3-F96C26A2EDE8}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{64B69508-40F1-443A-960B-54A0B10CAF18}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8166B930-8414-45D2-8282-4C7FC555335A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C3D3CD33-EEEE-417C-98B8-E8726B640BFA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{62AC522E-F2E5-4F34-A891-774AA0F9FC0A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{DA924029-5491-4207-A573-29D9088D574B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{03A4603D-9AEA-417E-BD0F-ECBF97B7689B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-04-21 269448]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-16 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-08-21 42528]
S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2008-01-21 21504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nfrsvc REG_MULTI_SZ NFRAgent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ad43d91-ace1-11dd-bad1-001d92986996}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5171b2f-6f8c-11dd-9069-001d92986996}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Inhoud van de 'Gedeelde Taken' map
2009-02-20 c:\windows\Tasks\User_Feed_Synchronization-{DCFF0330-69DE-4067-B7E3-DD1B4B2E4A88}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Bijkomende Scan -------
.
mStart Page = hxxp://nl.intl.acer.yahoo.com
uInternet Settings,ProxyServer = http=localhost:7070
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: chatbabe.be\www
Trusted Zone: demotorsite.be
Trusted Zone: playvillage.be\www
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 22:12:04
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2009-02-20 22:14:49
ComboFix-quarantined-files.txt 2009-02-20 21:14:46
ComboFix2.txt 2009-02-20 20:19:05
ComboFix3.txt 2009-02-20 18:53:04
Pre-Run: 111.828.312.064 bytes beschikbaar
Post-Run: 111,795,036,160 bytes beschikbaar
269 --- E O F --- 2009-02-15 12:39:22

gooz
20 February 2009, 23:26
Sorry that it always takes a while, but after every scan with ComboFix my internet connection is dropped and I have to restart the PC.

regards

gooz
21 February 2009, 00:27
Everything seems to be running normally for me now; should anyone still notice an irregularity, I'll read about it :)

@Black_Bird, man oh man, thank you very much, and I hope I can help you out with something one day too. Thanks! :bow:

regards, patrick

Black_Bird
21 February 2009, 11:24
Hi,

Strange. Parts of the ComboFix log are missing. Not your fault, but ComboFix's. Do this:

1. Open a Notepad file.
Copy the code below and paste it into the Notepad file.

File::
c:\windows\nl49f4d98.dat
c:\windows\nl07.exe
c:\windows\nlmark2.dat
c:\windows\f5667t5.dat
Folder::
C:\32788R22FWJFW

Save the Notepad file as CFScript.txt
Now drag the file CFScript.txt onto the file ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
ComboFix will start again.
When ComboFix is finished, which may be after a restart, a log file will open.
Post the contents of the log file.

2. Download BIT (http://www.blackbirdweb.org/files/BIT.zip) to your desktop.
Unzip the file (http://www.blackbirdweb.org/nl/artikelen/zipbestanden.shtml).
Now double-click BIT and, in the main menu, choose option 1 - Create a driver report
Post this log in your next reply.

gooz
21 February 2009, 13:15
ComboFix 09-02-19.01 - patrick 2009-02-21 12:03:47.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3071.2131 [GMT 1:00]
Gestart vanuit: c:\users\patrick\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\patrick\Documents\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\f5667t5.dat
c:\windows\nl07.exe
c:\windows\nl49f4d98.dat
c:\windows\nlmark2.dat
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\f5667t5.dat
c:\windows\nl07.exe
c:\windows\nl49f4d98.dat
c:\windows\nlmark2.dat
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-21 to 2009-02-21 ))))))))))))))))))))))))))))))
.
2009-02-20 20:49 . 2009-02-20 20:49 235,326,054 --a------ c:\windows\MEMORY.DMP
2009-02-20 19:33 . 2009-02-20 19:33 <DIR> d-------- c:\windows\BDOSCAN8
2009-02-20 19:15 . 2009-02-20 19:31 <DIR> d-------- c:\users\patrick\.housecall6.6
2009-02-20 16:57 . 2009-02-20 16:57 <DIR> d-------- c:\program files\Trend Micro
2009-02-18 22:30 . 2009-02-18 22:30 <DIR> d-------- c:\users\patrick\AppData\Roaming\InstallShield
2009-02-16 23:38 . 2009-02-16 23:38 <DIR> d-------- c:\users\patrick\AppData\Roaming\GTOPALA
2009-02-16 22:18 . 2009-02-21 11:47 65,536 --------- c:\windows\System32\Ikeext.etl
2009-02-15 11:53 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 11:53 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 11:53 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 11:53 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 11:53 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-12 19:17 . 2009-02-12 19:17 <DIR> d-------- c:\windows\Mystery P I The New York Fortune
2009-02-12 19:17 . 2009-02-12 19:17 <DIR> d-------- c:\program files\Mystery P I The New York Fortune
2009-02-12 19:10 . 2009-02-12 19:10 <DIR> d-------- c:\windows\Adventure Chronicles The Search for Lost Treasure
2009-02-12 19:00 . 2009-02-12 19:00 <DIR> d-------- c:\windows\The Mystery of the Crystal Portal
2009-02-12 19:00 . 2009-02-12 19:00 <DIR> d-------- c:\program files\The Mystery of the Crystal Portal
2009-02-12 18:29 . 2009-02-12 18:29 <DIR> d-------- c:\users\patrick\AppData\Roaming\Mushroom Age
2009-02-12 18:26 . 2009-02-12 18:26 <DIR> d-------- c:\windows\Mushroom Age
2009-02-12 18:26 . 2009-02-12 18:27 <DIR> d-------- c:\program files\Mushroom Age
2009-02-12 18:25 . 2009-02-12 18:25 <DIR> d-------- c:\windows\Alabama Smithin Escape from Pompeii
2009-02-12 18:25 . 2009-02-12 18:25 <DIR> d-------- c:\program files\Alabama Smithin Escape from Pompeii
2009-02-12 00:44 . 2009-02-12 00:44 <DIR> d-------- c:\users\patrick\AppData\Roaming\Gogii Games
2009-02-12 00:44 . 2009-02-12 00:44 <DIR> d-------- c:\users\All Users\Gogii Games
2009-02-12 00:44 . 2009-02-12 00:44 <DIR> d-------- c:\programdata\Gogii Games
2009-02-11 16:08 . 2009-02-11 16:08 <DIR> d-------- c:\windows\Righteous Kill
2009-02-11 16:08 . 2009-02-11 16:08 <DIR> d-------- c:\program files\Righteous Kill
2009-02-11 14:57 . 2009-02-11 14:57 <DIR> d-------- c:\windows\Magic Encyclopedia First Story
2009-02-11 14:57 . 2009-02-11 14:59 <DIR> d-------- c:\program files\Magic Encyclopedia First Story
2009-02-11 13:44 . 2009-02-17 21:28 <DIR> d-------- c:\program files\Games
2009-02-11 13:31 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 13:31 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 21:57 . 2009-02-10 21:57 <DIR> d-------- c:\users\patrick\AppData\Roaming\panoramik
2009-02-10 21:56 . 2009-02-10 21:56 <DIR> d-------- c:\program files\MumboJumbo
2009-02-10 18:42 . 2009-02-17 21:29 <DIR> d-------- c:\users\patrick\AppData\Roaming\uTorrent
2009-02-10 18:42 . 2009-02-10 18:42 <DIR> d-------- c:\program files\uTorrent
2009-02-08 20:31 . 2009-02-08 20:31 <DIR> d-------- c:\users\All Users\Dekovir
2009-02-08 20:31 . 2009-02-08 20:31 <DIR> d-------- c:\programdata\Dekovir
2009-02-08 18:12 . 2009-02-08 18:12 <DIR> d-------- c:\users\All Users\GameHouse
2009-02-08 18:12 . 2009-02-08 18:12 <DIR> d-------- c:\programdata\GameHouse
2009-02-08 15:57 . 2009-02-08 15:57 <DIR> d-------- c:\users\All Users\TheRace_dev
2009-02-08 15:57 . 2009-02-08 15:57 <DIR> d-------- c:\programdata\TheRace_dev
2009-02-08 14:47 . 2009-02-08 14:47 <DIR> d-------- c:\users\patrick\AppData\Roaming\Dragon Altar Games
2009-02-08 14:22 . 2009-02-08 14:22 <DIR> d-------- c:\program files\Vuze
2009-02-07 14:33 . 2009-02-07 23:58 <DIR> d-------- c:\users\All Users\MumboJumbo
2009-02-07 14:33 . 2009-02-07 23:58 <DIR> d-------- c:\programdata\MumboJumbo
2009-02-06 22:11 . 2009-02-06 22:15 <DIR> d-------- c:\users\All Users\Nick Chase A Detective Story
2009-02-06 22:11 . 2009-02-06 22:15 <DIR> d-------- c:\programdata\Nick Chase A Detective Story
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-06 00:55 . 2009-02-11 00:43 <DIR> d-------- c:\users\patrick\AppData\Roaming\Azureus
2009-02-06 00:55 . 2009-02-06 00:55 <DIR> d-------- c:\users\All Users\Azureus
2009-02-06 00:55 . 2009-02-06 00:55 <DIR> d-------- c:\programdata\Azureus
2009-02-04 21:07 . 2009-02-13 14:02 <DIR> d-------- c:\users\All Users\AdventureChronicles1
2009-02-04 21:07 . 2009-02-13 14:02 <DIR> d-------- c:\programdata\AdventureChronicles1
2009-02-03 21:43 . 2009-02-03 21:43 <DIR> d-------- c:\users\patrick\AppData\Roaming\SpinTop Games
2009-02-01 00:07 . 2009-02-01 00:07 <DIR> d-------- c:\users\patrick\AppData\Roaming\Talkback
2009-01-31 23:05 . 2009-02-01 00:08 <DIR> d-------- c:\users\Public\RealArcade
2009-01-31 23:05 . 2009-01-31 23:05 <DIR> d-------- c:\users\All Users\Mozilla
2009-01-31 23:05 . 2009-02-01 00:08 <DIR> d-------- c:\program files\RealArcade
2009-01-31 23:05 . 2009-02-01 00:08 <DIR> d-------- C:\My Games
2009-01-31 23:05 . 2009-01-31 23:05 0 --a------ c:\windows\nsreg.dat
2009-01-31 22:21 . 2009-01-31 22:21 <DIR> d-------- c:\users\All Users\WildWestQuest2
2009-01-31 22:21 . 2009-01-31 22:21 <DIR> d-------- c:\programdata\WildWestQuest2
2009-01-29 22:57 . 2009-01-29 23:02 <DIR> d-------- c:\users\patrick\AppData\Roaming\Mysteryville2
2009-01-29 22:22 . 2009-01-29 22:22 <DIR> d-------- c:\users\patrick\AppData\Roaming\Reflexivev1001
2009-01-29 22:17 . 2009-01-29 22:19 <DIR> d-------- c:\users\patrick\AppData\Roaming\MysteryStudio
2009-01-29 00:22 . 2009-01-29 00:22 <DIR> d-------- c:\users\All Users\Alawar Stargaze
2009-01-29 00:22 . 2009-01-29 00:22 <DIR> d-------- c:\programdata\Alawar Stargaze
2009-01-28 00:20 . 2009-01-31 23:06 <DIR> d-------- c:\users\patrick\AppData\Roaming\PlayFirst
2009-01-25 22:24 . 2009-01-25 22:24 <DIR> d-------- c:\users\All Users\BC Soft Games
2009-01-25 22:24 . 2009-01-25 22:24 <DIR> d-------- c:\programdata\BC Soft Games
2009-01-24 21:13 . 2009-01-24 21:13 <DIR> d-------- c:\users\All Users\MysteryChronicles
2009-01-24 21:13 . 2009-01-24 21:13 <DIR> d-------- c:\programdata\MysteryChronicles
2009-01-24 20:47 . 2009-01-24 20:47 <DIR> d-------- c:\users\patrick\AppData\Roaming\Friday's games
2009-01-24 20:44 . 2009-01-24 20:44 <DIR> d-------- c:\users\patrick\AppData\Roaming\SpinTop
2009-01-22 22:37 . 2009-01-28 00:20 <DIR> d-------- c:\users\All Users\PlayFirst
2009-01-22 22:37 . 2009-01-28 00:20 <DIR> d-------- c:\programdata\PlayFirst
2009-01-21 23:22 . 2009-01-21 23:22 <DIR> d-------- c:\users\patrick\AppData\Roaming\SPAMfighter
2009-01-21 23:21 . 2009-02-21 11:48 <DIR> d-------- c:\program files\SPAMfighter
2009-01-21 23:21 . 2009-01-21 23:21 <DIR> d-------- c:\program files\Common Files\Application
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 18:36 --------- d-----w c:\programdata\Google Updater
2009-02-20 18:13 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-20 18:13 --------- d-----w c:\program files\Java
2009-02-19 15:01 --------- d-----w c:\users\patrick\AppData\Roaming\Tyre
2009-02-18 21:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 20:16 --------- d---a-w c:\programdata\TEMP
2009-02-14 15:14 --------- d-----w c:\programdata\Tyre
2009-02-14 15:14 --------- d-----w c:\program files\Tyre
2009-02-11 21:00 --------- d-----w c:\program files\Windows Mail
2009-02-10 17:27 --------- d-----w c:\users\patrick\AppData\Roaming\LimeWire
2009-01-22 13:30 --------- d-----w c:\users\patrick\AppData\Roaming\gtk-2.0
2009-01-19 23:17 --------- d-----w c:\users\patrick\AppData\Roaming\blg
2009-01-19 23:17 --------- d-----w c:\programdata\blg
2009-01-19 09:49 --------- d-----w c:\program files\Google
2009-01-18 19:10 --------- d-----w c:\programdata\Astar Games
2009-01-17 18:40 --------- d-----w c:\programdata\Redrum
2009-01-17 16:51 --------- d-----w c:\programdata\AlawarWrapper
2009-01-11 20:41 --------- d-----w c:\users\patrick\AppData\Roaming\cerasus.media
2009-01-11 19:30 --------- d-----w c:\users\patrick\AppData\Roaming\TMInc
2009-01-09 10:32 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-09 10:32 --------- d-----w c:\program files\Windows Live
2009-01-09 10:32 --------- d-----w c:\program files\Microsoft
2009-01-09 10:29 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-05 22:08 --------- d-----w c:\program files\Acer GameZone
2008-12-25 22:32 --------- d-----w c:\programdata\Media Center Programs
2008-12-25 13:37 --------- d-----w c:\users\patrick\AppData\Roaming\KompoZer
2008-12-23 21:37 --------- d-----w c:\users\patrick\AppData\Roaming\iWin
2008-12-22 13:27 --------- d-----w c:\program files\GIMP-2.0
2008-09-03 21:29 0 ----a-w c:\users\patrick\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot_2009-02-20_22.13.27,84 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-20 20:21:56 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-21 10:47:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-20 20:21:56 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-21 10:47:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-20 20:23:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-21 10:48:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-21 10:48:42 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-20 20:23:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-21 10:48:37 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-21 10:48:37 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-20 21:11:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-21 10:47:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-20 21:11:55 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-21 10:47:17 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-20 21:11:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-21 10:47:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-20 20:27:47 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-21 10:53:20 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-20 20:27:47 126,648 ----a-w c:\windows\System32\perfc013.dat
+ 2009-02-21 10:53:20 126,648 ----a-w c:\windows\System32\perfc013.dat
- 2009-02-20 20:27:47 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-21 10:53:20 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-20 20:27:47 667,114 ----a-w c:\windows\System32\perfh013.dat
+ 2009-02-21 10:53:20 667,114 ----a-w c:\windows\System32\perfh013.dat
- 2009-02-20 20:23:42 9,754 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3563774019-1998820256-1686892039-1000_UserData.bin
+ 2009-02-21 10:48:53 9,754 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3563774019-1998820256-1686892039-1000_UserData.bin
- 2009-02-20 20:23:42 76,664 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-21 10:48:53 76,696 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-20 20:23:42 62,646 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-21 10:48:52 62,662 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Startup Points ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-21 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 196128]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-16 325768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-20 148888]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-05 110592]
ASETRES.EXE [2008-04-14 20480]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-03-14 2938184]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-04-21 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERDV~2\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1CD58457-7C8E-48E9-AB4C-A669E1E7A953}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3F8253A3-A6E4-40C2-BBDC-A364AC7AF815}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E2FED11-E839-41B2-B576-6AA00D7AFB8A}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{01F05B0A-CA76-4AC9-9B04-C5D44C7E3567}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{0201CC13-BEBB-484C-97C3-C9B6E8DE02A7}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{F3F996E5-7560-4183-BC66-D4D34A3586C1}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{4CD3A3EE-EF19-4B55-BE42-68232EF46B10}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{2173EC49-7A4D-478D-9A25-7B881E6858A2}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6E91AA7E-15D8-4036-9EF0-FDDD121A4006}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{7E2BF243-A90C-4DD9-A96D-2F4DD13C37EF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{129987DA-224C-4802-8ECB-86EF5920C921}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{22642EC9-6C7A-405F-9D9E-F7C0A6B4A0DF}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{C45D5978-6CE4-473F-A4E3-F96C26A2EDE8}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{64B69508-40F1-443A-960B-54A0B10CAF18}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8166B930-8414-45D2-8282-4C7FC555335A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C3D3CD33-EEEE-417C-98B8-E8726B640BFA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{62AC522E-F2E5-4F34-A891-774AA0F9FC0A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{DA924029-5491-4207-A573-29D9088D574B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{03A4603D-9AEA-417E-BD0F-ECBF97B7689B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-04-21 269448]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-16 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-08-21 42528]
S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2008-01-21 21504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nfrsvc REG_MULTI_SZ NFRAgent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ad43d91-ace1-11dd-bad1-001d92986996}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5171b2f-6f8c-11dd-9069-001d92986996}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-20 c:\windows\Tasks\User_Feed_Synchronization-{DCFF0330-69DE-4067-B7E3-DD1B4B2E4A88}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://nl.intl.acer.yahoo.com
uInternet Settings,ProxyServer = http=localhost:7070
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: chatbabe.be\www
Trusted Zone: demotorsite.be
Trusted Zone: playvillage.be\www
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 12:05:05
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-02-21 12:06:39
ComboFix-quarantined-files.txt 2009-02-21 11:06:37
ComboFix2.txt 2009-02-20 21:14:50
ComboFix3.txt 2009-02-20 20:19:05
ComboFix4.txt 2009-02-20 18:53:04
Pre-Run: 111,156,391,936 bytes free
Post-Run: 111,139,188,736 bytes free
270 --- E O F --- 2009-02-15 12:39:22

gooz
21 February 2009, 13:18
Blackbird's Information Tool (BIT) DRIVERREPORT
BIT v1.1
Microsoft Windows [version 6.0.6001]
-----------------------------------------------------


Module name  Display name           Driver type   Link date
============ ====================== ============= ======================
ACPI Microsoft ACPI-stuurpr Kernel Driver 19-1-2008 6:32:48
adp94xx adp94xx Kernel Driver 24-4-2007 23:00:29
adpahci adpahci Kernel Driver 1-5-2007 19:29:26
adpu160m adpu160m Kernel Driver 21-2-2007 19:04:35
adpu320 adpu320 Kernel Driver 28-2-2007 1:03:08
AFD Ancilliary Function Dr Kernel Driver 19-1-2008 6:57:00
agp440 Intel AGP Bus Filter Kernel Driver 19-1-2008 6:32:49
aic78xx aic78xx Kernel Driver 12-4-2006 2:20:11
aliide aliide Kernel Driver 19-1-2008 6:49:41
amdagp AMD AGP Bus Filter Dri Kernel Driver 19-1-2008 6:32:50
amdide amdide Kernel Driver 19-1-2008 6:49:42
AmdK7 AMD K7 Processor Drive Kernel Driver 19-1-2008 6:27:20
AmdK8 AMD K8 Processor Drive Kernel Driver 19-1-2008 6:27:20
arc arc Kernel Driver 24-5-2007 23:31:06
arcsas arcsas Kernel Driver 25-5-2007 20:56:36
AsyncMac Asynchroon mediastuurp Kernel Driver 19-1-2008 6:56:29
atapi IDE-kanaal Kernel Driver 19-1-2008 6:49:40
atikmdag atikmdag Kernel Driver 20-2-2008 4:21:29
avgio avgio Kernel Driver 22-2-2007 15:57:32
avgntflt avgntflt File 19-5-2008 13:17:12
avipbb avipbb Kernel Driver 27-10-2008 18:26:07
Beep Beep Kernel Driver 19-1-2008 6:49:10
blbdrive blbdrive Kernel Driver 19-1-2008 6:30:06
bowser Bowser File 19-1-2008 6:28:26
BrFiltLo Brother USB Mass-Stora Kernel Driver 6-8-2006 23:33:45
BrFiltUp Brother USB Mass-Stora Kernel Driver 6-8-2006 23:33:45
Brserid Brother MFC Serial Por Kernel Driver 6-8-2006 23:33:50
BrSerWdm Brother WDM Serial dri Kernel Driver 6-8-2006 23:33:44
BrUsbMdm Brother MFC USB Fax On Kernel Driver 6-8-2006 23:33:43
BrUsbSer Brother MFC USB Serial Kernel Driver 9-8-2006 14:02:02
BTHMODEM Bluetooth Serial Commu Kernel Driver 2-11-2006 9:55:22
CamDrL Logitech QuickCam Pro Kernel Driver 3-2-2007 18:55:29
cdfs CD/DVD File System Rea File 19-1-2008 6:28:02
cdrom Cd-rom-stuurprogramma Kernel Driver 19-1-2008 6:49:50
circlass Consumer IR Devices Kernel Driver 19-1-2008 6:53:24
CLFS Common Log (CLFS) Kernel Driver 19-1-2008 6:28:01
cmdide cmdide Kernel Driver 19-1-2008 6:49:42
Compbatt Microsoft Composite Ba Kernel Driver 19-1-2008 6:32:47
crcdisk Crcdisk Filter Driver Kernel Driver 19-1-2008 6:50:29
Crusoe Transmeta Crusoe Proce Kernel Driver 19-1-2008 6:27:20
DfsC DFS Namespace Client D File 19-1-2008 6:28:20
disk Stuurprogramma voor sc Kernel Driver 19-1-2008 6:49:47
drmkaud Microsoft Kernel DRM-a Kernel Driver 19-1-2008 6:53:16
DXGKrnl LDDM Graphics Subsyste Kernel Driver 2-8-2008 3:01:19
E1G60 Intel(R) PRO/1000 NDIS Kernel Driver 7-8-2007 18:14:13
Ecache ReadyBoost Caching Dri Kernel Driver 19-1-2008 6:50:47
elxstor elxstor Kernel Driver 11-4-2007 17:45:07
ErrDev Microsoft Hardware Err Kernel Driver 19-1-2008 6:32:49
exfat exFAT File System Driv File 19-1-2008 6:28:01
fastfat FAT12/16/32 File Syste File 19-1-2008 6:28:00
fdc Floppy Disk Controller Kernel Driver 19-1-2008 6:49:37
FileInfo File Information FS Mi File 19-1-2008 6:34:27
Filetrace FileTrace File 19-1-2008 6:30:23
flpydisk Floppy Disk Driver Kernel Driver 19-1-2008 6:49:37
FltMgr FltMgr File 19-1-2008 6:28:10
gagp30kx Microsoft Generic AGPv Kernel Driver 19-1-2008 6:32:51
HdAudAddServ Microsoft 1.1 UAA Func Kernel Driver 2-11-2006 2:43:11
HDAudBus Microsoft UAA Bus-stuu Kernel Driver 28-11-2007 0:18:41
HidBth Microsoft Bluetooth HI Kernel Driver 2-11-2006 9:55:21
HidIr Microsoft Infrared HID Kernel Driver 2-11-2006 9:55:01
HidUsb Microsoft HID Class-st Kernel Driver 19-1-2008 6:53:17
HpCISSs HpCISSs Kernel Driver 9-3-2007 20:51:35
HTTP HTTP Kernel Driver 19-1-2008 6:55:21
i2omp i2omp Kernel Driver 19-1-2008 6:49:44
i8042prt Stuurprogramma voor i8 Kernel Driver 19-1-2008 6:49:17
iaStor Intel AHCI Controller Kernel Driver 14-6-2006 22:56:38
iaStorV Intel RAID Controller Kernel Driver 28-9-2007 20:17:27
iirsp iirsp Kernel Driver 13-12-2005 22:48:01
int15 int15 Kernel Driver 3-7-2007 4:03:24
IntcAzAudAdd Service for Realtek HD Kernel Driver 26-3-2008 11:35:47
intelide intelide Kernel Driver 19-1-2008 6:49:42
intelppm Intel Processor Driver Kernel Driver 19-1-2008 6:27:20
IpFilterDriv IP Traffic Filter Driv Kernel Driver 19-1-2008 6:56:23
IPMIDRV IPMIDRV Kernel Driver 19-1-2008 6:39:33
IPNAT IP Network Address Tra Kernel Driver 19-1-2008 6:56:28
IRENUM IR Bus Enumerator Kernel Driver 19-1-2008 6:55:19
isapnp PnP ISA/EISA Bus Drive Kernel Driver 19-1-2008 6:32:55
iScsiPrt iScsiPort-stuurprogram Kernel Driver 19-1-2008 6:50:44
iteatapi ITEATAPI_Service_Insta Kernel Driver 11-8-2006 4:11:47
iteraid ITERAID_Service_Instal Kernel Driver 11-8-2006 3:38:19
kbdclass Stuurprogramma voor ve Kernel Driver 19-1-2008 6:49:14
kbdhid Stuurprogramma voor to Kernel Driver 19-1-2008 6:49:17
KSecDD KSecDD Kernel Driver 19-1-2008 6:41:20
lltdio Link-Layer Topology Di Kernel Driver 19-1-2008 6:55:03
LSI_FC LSI_FC Kernel Driver 30-6-2007 3:01:20
LSI_SAS LSI_SAS Kernel Driver 30-6-2007 3:01:01
LSI_SCSI LSI_SCSI Kernel Driver 30-6-2007 2:47:54
luafv UAC File Virtualizatio File 19-1-2008 6:30:35
LVUSBSta Logitech USB Monitor F Kernel Driver 3-2-2007 18:46:13
megasas megasas Kernel Driver 26-5-2007 0:19:58
MegaSR MegaSR Kernel Driver 2-7-2007 23:50:10
Modem Modem Kernel Driver 19-1-2008 6:57:16
monitor Microsoft Monitor Clas Kernel Driver 19-1-2008 6:52:19
mouclass Stuurprogramma voor mu Kernel Driver 19-1-2008 6:49:14
mouhid Stuurprogramma voor mu Kernel Driver 19-1-2008 6:49:16
MountMgr Mount Point Manager Kernel Driver 19-1-2008 6:49:13
mpio Microsoft Multi-Path B Kernel Driver 19-1-2008 6:50:40
mpsdrv Autorisatiestuurprogra Kernel Driver 19-1-2008 6:54:45
Mraid35x Mraid35x Kernel Driver 8-9-2006 3:21:32
MRxDAV WebDav Client Redirect File 19-1-2008 6:28:44
mrxsmb SMB MiniRedirector Wra File 19-1-2008 6:28:33
mrxsmb10 SMB 1.x MiniRedirector File 27-8-2008 3:05:40
mrxsmb20 SMB 2.0 MiniRedirector File 19-1-2008 6:28:35
msahci msahci Kernel Driver 19-1-2008 6:49:43
msdsm Microsoft Multi-Path D Kernel Driver 19-1-2008 6:50:46
Msfs Msfs File 19-1-2008 6:28:08
msisadrv ISA/EISA Class-stuurpr Kernel Driver 19-1-2008 6:32:51
MSKSSRV Microsoft Streaming Se Kernel Driver 19-1-2008 6:49:19
MSPCLOCK Microsoft Streaming Cl Kernel Driver 19-1-2008 6:49:18
MSPQM Microsoft Streaming Kw Kernel Driver 19-1-2008 6:49:18
MsRPC MsRPC Kernel Driver 19-1-2008 6:48:15
mssmbios BIOS-stuurprogramma vo Kernel Driver 19-1-2008 6:32:55
MSTEE Microsoft Streaming Te Kernel Driver 19-1-2008 6:49:18
Mup Mup File 19-1-2008 6:28:20
NativeWifiP NativeWiFi-filter Kernel Driver 20-5-2008 4:07:27
NDIS NDIS System Driver Kernel Driver 19-1-2008 6:55:51
NdisTapi NDIS TAPI-stuurprogram Kernel Driver 19-1-2008 6:56:24
Ndisuio NDIS Usermode I/O Prot Kernel Driver 19-1-2008 6:55:40
NdisWan Stuurprogramma voor ex Kernel Driver 19-1-2008 6:56:32
NDProxy NDIS Proxy Kernel Driver 19-1-2008 6:56:28
NetBIOS NetBIOS Interface File 19-1-2008 6:55:45
netbt NETBT Kernel Driver 19-1-2008 6:55:33
nfrd960 nfrd960 Kernel Driver 6-6-2006 23:12:15
Npfs Npfs File 19-1-2008 6:28:09
nsiproxy NSI proxy service Kernel Driver 19-1-2008 6:55:50
Ntfs Ntfs File 19-1-2008 6:28:54
NTIDrvr Upper Class Filter Dri Kernel Driver 21-12-2004 21:33:14
ntrigdigi N-trig HID Tablet Driv Kernel Driver 14-8-2006 21:29:13
Null Null Kernel Driver 19-1-2008 6:49:12
NVENETFD NVIDIA nForce Networki Kernel Driver 18-11-2007 0:46:42
NVHDA Service for NVIDIA Hig Kernel Driver 29-4-2008 2:02:17
nvlddmkm nvlddmkm Kernel Driver 28-11-2007 13:05:35
nvraid NVIDIA nForce RAID Dri Kernel Driver 6-6-2007 22:34:41
nvrd32 NVIDIA nForce RAID Dri Kernel Driver 7-5-2008 0:52:19
nvsmu nvsmu Kernel Driver 8-7-2007 0:13:09
nvstor nvstor Kernel Driver 6-6-2007 22:34:41
nvstor32 nvstor32 Kernel Driver 7-5-2008 0:52:22
nv_agp NVIDIA nForce AGP Bus Kernel Driver 19-1-2008 6:32:53
ohci1394 VIA OHCI Compliant IEE Kernel Driver 19-1-2008 6:53:33
Parport Parallel port driver Kernel Driver 2-11-2006 9:51:29
partmgr Partition Manager Kernel Driver 19-1-2008 6:49:54
Parvdm Parvdm Kernel Driver 2-11-2006 9:51:23
pci PCI Bus-stuurprogramma Kernel Driver 19-1-2008 6:32:57
pciide pciide Kernel Driver 19-1-2008 6:49:42
pcmcia pcmcia Kernel Driver 2-11-2006 9:35:13
PEAUTH PEAUTH Kernel Driver 23-10-2006 10:55:32
PptpMiniport WAN-minipoort (PPTP) Kernel Driver 19-1-2008 6:56:34
Processor Processor Driver Kernel Driver 19-1-2008 6:27:20
PSched QoS-pakketplanner Kernel Driver 5-4-2008 3:21:42
ql2300 QLogic Fibre Channel M Kernel Driver 10-3-2007 0:13:05
ql40xx QLogic iSCSI Miniport Kernel Driver 6-7-2006 21:38:16
QWAVEdrv QWAVE-stuurprogramma Kernel Driver 19-1-2008 6:56:07
RasAcd Remote Access Auto Con Kernel Driver 19-1-2008 6:56:31
Rasl2tp WAN-minipoort (L2TP) Kernel Driver 19-1-2008 6:56:33
RasPppoe PPPOE-stuurprogramma v Kernel Driver 19-1-2008 6:56:33
RasSstp WAN-minipoort (SSTP) Kernel Driver 19-1-2008 6:56:43
rdbss Redirected Buffering S File 19-1-2008 6:28:34
RDPCDD RDPCDD Kernel Driver 19-1-2008 7:01:08
rdpdr Terminal Server Device Kernel Driver 19-1-2008 7:02:27
RDPENCDD RDP Encoder Mirror Dri Kernel Driver 19-1-2008 7:01:09
RDPWD RDP Winstation Driver Kernel Driver 19-1-2008 7:01:16
ROOTMODEM Microsoft Legacy Modem Kernel Driver 19-1-2008 6:57:14
rspndr Link-Layer Topology Di Kernel Driver 19-1-2008 6:55:03
sbp2port SBP-2 Transport/Protoc Kernel Driver 2-11-2006 9:51:44
secdrv Security Driver Kernel Driver 13-9-2006 15:18:32
Serenum Serenum Filter-stuurpr Kernel Driver 19-1-2008 6:49:29
Serial Stuurprogramma voor se Kernel Driver 19-1-2008 6:49:34
sermouse Serial Mouse Driver Kernel Driver 19-1-2008 6:49:16
sfdrv01 StarForce Protection E Kernel Driver 5-7-2006 14:39:25
sffdisk SFF Storage Class Driv Kernel Driver 19-1-2008 6:49:46
sffp_mmc SFF Storage Protocol D Kernel Driver 19-1-2008 6:49:48
sffp_sd SFF Storage Protocol D Kernel Driver 19-1-2008 6:49:46
sfhlp02 StarForce Protection H Kernel Driver 14-6-2006 16:56:53
sfloppy High-Capacity Floppy D Kernel Driver 2-11-2006 9:51:40
sfvfs02 StarForce Protection V Kernel Driver 8-2-2007 18:44:36
sisagp SIS AGP Bus Filter Kernel Driver 19-1-2008 6:32:50
SiSRaid2 SiSRaid2 Kernel Driver 14-4-2007 0:34:24
SiSRaid4 SiSRaid4 Kernel Driver 14-4-2007 1:38:55
Smb Bericht-georiënteerd T Kernel Driver 19-1-2008 6:55:27
spldr Security Processor Loa Kernel Driver 22-6-2007 2:29:17
srv srv File 16-12-2008 3:42:35
srv2 srv2 File 19-1-2008 6:29:14
srvnet srvnet File 19-1-2008 6:29:11
ssmdrv ssmdrv Kernel Driver 28-2-2007 16:43:23
swenum Software Bus-stuurprog Kernel Driver 19-1-2008 6:49:20
Symc8xx Symc8xx Kernel Driver 11-11-2005 23:45:56
Sym_hi Sym_hi Kernel Driver 11-11-2005 22:07:07
Sym_u3 Sym_u3 Kernel Driver 21-10-2005 2:12:49
Tcpip Stuurprogramma voor TC Kernel Driver 26-4-2008 8:00:17
Tcpip6 Microsoft IPv6 Protoco Kernel Driver 26-4-2008 8:00:17
tcpipreg TCP/IP Registry Compat Kernel Driver 19-1-2008 6:56:07
TDPIPE TDPIPE Kernel Driver 19-1-2008 7:01:07
TDTCP TDTCP Kernel Driver 19-1-2008 7:01:08
tdx Stuurprogramma voor on Kernel Driver 19-1-2008 6:55:58
TermDD Stuurprogramma voor te Kernel Driver 19-1-2008 7:01:06
tosporte Bluetooth COM Port Kernel Driver 25-3-2008 5:54:00
tosrfbd Bluetooth RFBUS Kernel Driver 25-3-2008 8:24:21
tosrfbnp Bluetooth RFBNEP Kernel Driver 29-11-2007 1:45:41
Tosrfcom Bluetooth RFCOMM Kernel Driver 2-10-2007 4:43:20
Tosrfhid Bluetooth RFHID Kernel Driver 19-3-2008 3:38:23
tosrfnds Bluetooth Personal Are Kernel Driver 6-1-2005 5:42:41
TosRfSnd Bluetooth Audio Kernel Driver 22-1-2008 12:57:46
Tosrfusb Bluetooth USB Controll Kernel Driver 18-10-2007 7:24:59
tssecsrv Terminal Services Secu Kernel Driver 19-1-2008 7:01:15
tunmp Stuurprogramma voor Mi Kernel Driver 19-1-2008 6:55:40
tunnel Microsoft IPv6 Tunnel Kernel Driver 19-1-2008 6:55:50
uagp35 Microsoft AGPv3.5 Filt Kernel Driver 19-1-2008 6:32:50
udfs udfs File 19-1-2008 6:28:08
uliagpkx Uli AGP Bus Filter Kernel Driver 19-1-2008 6:32:52
uliahci uliahci Kernel Driver 4-5-2007 18:18:25
UlSata UlSata Kernel Driver 20-9-2006 2:02:59
ulsata2 ulsata2 Kernel Driver 20-9-2006 2:18:47
umbus UMBus Enumerator-stuur Kernel Driver 19-1-2008 6:53:40
usbaudio Stuurprogramma voor US Kernel Driver 19-1-2008 6:53:22
usbccgp Microsoft algemeen hoo Kernel Driver 19-1-2008 6:53:29
usbcir eHome Infrared Receive Kernel Driver 2-11-2006 9:55:08
usbehci Microsoft USB 2.0 Enha Kernel Driver 19-1-2008 6:53:21
usbhub Stuurprogramma voor Mi Kernel Driver 19-1-2008 6:53:40
usbohci Microsoft USB Open Hos Kernel Driver 19-1-2008 6:53:21
usbprint Microsoft USB PRINTER Kernel Driver 19-1-2008 7:14:40
usbscan Stuurprogramma voor US Kernel Driver 19-1-2008 7:14:09
USBSTOR Stuurprogramma voor US Kernel Driver 19-1-2008 6:53:22
usbuhci Microsoft USB Universa Kernel Driver 19-1-2008 6:53:20
vga vga Kernel Driver 19-1-2008 6:52:06
VgaSave VgaSave Kernel Driver 19-1-2008 6:52:06
viaagp VIA AGP Bus Filter Kernel Driver 19-1-2008 6:32:50
ViaC7 VIA C7 Processor Drive Kernel Driver 19-1-2008 6:27:20
viaide viaide Kernel Driver 19-1-2008 6:49:43
volmgr Stuurprogramma voor Vo Kernel Driver 19-1-2008 6:49:51
volmgrx Dynamic Volume Manager Kernel Driver 19-1-2008 6:50:00
volsnap Opslagvolumes Kernel Driver 19-1-2008 6:50:10
vsmraid vsmraid Kernel Driver 30-5-2007 23:15:38
WacomPen Wacom Serial Pen HID D Kernel Driver 2-11-2006 9:52:52
Wanarp Remote Access IP ARP D Kernel Driver 19-1-2008 6:56:31
Wanarpv6 Remote Access IPv6 ARP Kernel Driver 19-1-2008 6:56:31
Wd Microsoft Watchdog Tim Kernel Driver 19-1-2008 6:52:18
Wdf01000 Kernel Mode Driver Fra Kernel Driver 19-1-2008 6:52:21
WmiAcpi Microsoft Windows Mana Kernel Driver 19-1-2008 6:32:47
ws2ifsl Winsock IFS driver Kernel Driver 19-1-2008 6:56:49
WUDFRd WUDFRd Kernel Driver 19-1-2008 6:53:04



---EOF---

Black_Bird
21 February 2009, 13:21
Hi,

How are things with the problems now? :)

gooz
21 February 2009, 13:24
I have now posted the requested logs and so far I haven't run into any more problems :)

Avira isn't reporting any viruses any more either ;)

Do you still see anything in the logs?

Greetings

Black_Bird
21 February 2009, 13:27
Hi,

Everything looks clean again. Now let's do something about prevention. :)

Do the following:

1. Remove ComboFix by going to "Start" and typing combofix /u there.
This removes ComboFix completely from the system, but it also deletes all possibly infected System Restore points, so that reinfection through System Restore cannot occur.

2. Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) (by OldTimer)

Save the file to your desktop.
Make sure there is an internet connection.
Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
Now click the "CleanUp!" button.
If your firewall, or another security program, warns that OTCleanIt.exe wants internet access, you may allow it; the program needs that connection.
Finally OTCleanIt will ask whether you want to restart the computer; you may allow this, and with that it also removes itself.
Note: using OTCleanIt will remove all the tools that were used (including their logs and backup folders) from your computer.

3. You may also delete all the loose files we used. Leave HijackThis in place for now.
(You may delete the folder C:\Blackbird)

4. Go to the Windows Update site (http://windowsupdate.microsoft.com/) and fetch all updates, to protect your PC.

5. Now make a new HijackThis log and post it in your next message.

gooz
21 February 2009, 13:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:49, on 20-2-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Race/Images/stg_drm.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 8312 bytes
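As an added example (not part of the original thread, and not code from the helpers or from HijackThis itself), the following Python script applies a few triage heuristics to log entries of the kind posted above: a configured browser proxy (R1), hosts-file redirections (O1), BHO registrations whose file is missing (O2), autostarts that run from a temp folder (O4), ActiveX downloads of executables over plain http (O16), and services without a publisher string (O23). The sample lines are a constructed subset of the log above plus one Run entry (the Temp\xyz.exe path) written for the example; the rules and severity labels are this example's own assumptions about what a reviewer looks at first, not anything HijackThis computes.

```python
import re

# Constructed sample input: a subset of the HijackThis log posted above, plus one
# Run entry (the Temp\xyz.exe line) written for this example to exercise the
# temp-folder rule. It is not output produced by the thread's helpers.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=localhost:7070
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
O4 - HKCU\\..\\Run: [updater] C:\\Users\\example\\AppData\\Local\\Temp\\xyz.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe
"""

# HJT entries look like "O4 - <body>"; header lines and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Any path component named Temp or tmp (case-insensitive), e.g. ...\AppData\Local\Temp\...
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# An executable fetched over unencrypted http by an ActiveX (O16 DPF) entry.
HTTP_EXE_RE = re.compile(r"http://\S+\.exe\b", re.IGNORECASE)


def parse_entries(text):
    """Return (section, body) tuples for every HijackThis entry line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(text):
    """Apply the heuristics and return findings as (section, severity, reason, body).

    Severity labels are this example's own convention: 'high' is worth acting on,
    'review' needs a human to decide, 'low' is hygiene.
    """
    findings = []
    for sec, body in parse_entries(text):
        if sec == "R1" and "ProxyServer" in body:
            # A proxy at localhost means some local process sits between IE and the
            # network; legitimate for some filters, also a classic interception point.
            findings.append((sec, "review", "browser proxy configured", body))
        elif sec == "O1":
            # Hosts entries are benign when they map a name to localhost; anything
            # else (e.g. an update server pointed elsewhere) is a redirection.
            parts = body.split("Hosts:", 1)[-1].split()
            if len(parts) >= 2 and parts[1] != "localhost":
                findings.append((sec, "high", "hosts-file redirection", body))
        elif sec == "O2" and body.endswith("(no file)"):
            findings.append((sec, "low", "orphaned BHO registration", body))
        elif sec == "O4" and TEMP_DIR_RE.search(body):
            # Installed software does not autostart from a temp directory.
            findings.append((sec, "high", "autostart from a temp directory", body))
        elif sec == "O16" and HTTP_EXE_RE.search(body):
            findings.append((sec, "review", "ActiveX download of an .exe over plain http", body))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append((sec, "low", "service with no publisher string", body))
    return findings


if __name__ == "__main__":
    for sec, severity, reason, body in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {sec:<3} {reason}: {body}")
```

Running the script prints five findings for the sample: the localhost proxy and the http .exe download for review, the temp-folder autostart as high, and the orphaned BHO and unattributed service as low; the Google Toolbar BHO, the Avira autostart and the `::1 localhost` hosts line pass silently.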

Black_Bird
21 February 2009, 13:50
Hi,

You look well protected against new malware again. :)
Do the following as well:

1. You may now remove HijackThis.

2. Read through this page (http://users.telenet.be/bluepatchy/miekiemoes/preventie.html) to prevent reinfection.

3. We would like to ask you to spend a few minutes of your time to file a complaint. Besides removing the malware, we can fight its makers in another way: by having as many people as possible tell their story, so that the problem gets attention in the media and in politics. Thanks to an initiative, many people worldwide have already voiced their complaints. Don't stay behind, because we need your help with this too!

To do so, read this (http://malwarecomplaints.info/phpBB3/viewtopic.php?f=16&t=43) page and then, following the guidelines on that page (at the bottom), post your story in this (http://malwarecomplaints.info/phpBB3/viewtopic.php?f=16&t=110) topic.
Your infection was: Malware

Since your question has been resolved, I am closing this topic. You will then no longer be able to reply in this topic. If you want your topic reopened, send me or one of the other moderators a private message containing the request to reopen your topic.
Everyone else can open their own topic.