Mijn computer is gekeylogged geweest waardoor iemand toegang heeft gekregen tot mijn World of Warcraft account en op die manier al mijn karakter's spullen kon verkopen, alsook me mijn toegang tot het spel heeft weten te ontzeggen. Het voornaamste is dus dat ik weet of die keylogger nog aanwezig is of niet, en hoe hem te verwijderen.

De scans die ik ondertussen al heb gedaan zijn met de programma's:
- ATF Cleaner
- Ad-Aware
- Spybot Search & Destroy
- MBAM
- Virusscan met de internetscanner van Bitdefender

Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:14, on 14/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com ## Game Guard by pass ##
O1 - Hosts: 67.205.77.113 L2testauthd.lineage2.com ## L2Sirius x45##
O1 - Hosts: 67.205.77.113 L2authd.lineage2.com ## L2Sirius x45##
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124454307790
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12129 bytes

Hoi,
Al geprobeerd met AVG 8 freeware?
Groetjes EdGi

Boeie, als je ziet welke scanners hij al heeft gebruikt, zal avg er niet veel toedoen.

Gewoon wachten op reactie van de spywareslayers, zij kunnen normaal aan de hand van die log zien of er nog onregelmatigheden op je pc zitten.

Nog een scan doen zal niet veel meer opleveren en wie weet is hij er al afgeflikkerd.
Alhoewel die anti malware progjes dan hadden moeten zeggen dat ze een keylogger of dergelijke gevonden hadden...(dit heb je niet vermeld).

De programma's hebben nergens expliciet vermeld dat het om een keylogger ging wanneer ze iets detecteerden. Ze hebben wel een aantal dingen gevonden, en die zijn verwijderd of hersteld. Maar ik weet niet wat voor iets ze waren.

Start Hijackthis op en kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - Startup: PowerReg Scheduler V3.exe

Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.


Volg deze instructies (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) om Combofix te downloaden. Is er iets niet duidelijk, dan vraag je het.
Voer de instructies op de BleepingComputer pagina uit, inclusief het installeren van de XP Recovery Console.
Indien je combofix al eerder gebruikt hebt en de recovery console al geïnstalleerd hebt mag je die stap overslaan.

OPMERKING:
Indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner,
schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik op Combofix.exe, als Combofix aangeeft dat er een nieuwere versie beschikbaar is, dan sta je toe dat deze gedownload wordt.
Volg de instructies en aanvaard de disclaimer.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

ComboFix 09-06-14.02 - Michel 15/06/2009 13:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1022.445 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Michel\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
J:\Autorun.inf

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-05-15 to 2009-06-15 ))))))))))))))))))))))))))))))
.

2009-06-15 11:49 . 2009-06-15 11:49 -------- d-----w- C:\32788R22FWJFW
2009-06-14 20:16 . 2009-06-14 20:16 -------- d-----w- c:\documents and settings\Michel\Local Settings\Application Data\Blizzard Entertainment
2009-06-14 16:42 . 2009-06-14 16:42 -------- d-----w- c:\program files\Trend Micro
2009-06-14 12:07 . 2009-06-14 15:59 -------- d-----w- c:\windows\BDOSCAN8
2009-06-14 08:39 . 2009-06-14 08:39 -------- d-----w- c:\documents and settings\Michel\Application Data\Malwarebytes
2009-06-14 08:39 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 08:39 . 2009-06-14 08:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 08:39 . 2009-06-14 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-14 08:39 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-13 21:12 . 2009-06-13 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-13 21:12 . 2009-06-13 21:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-11 17:04 . 2009-06-14 10:20 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-11 16:34 . 2009-06-11 16:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-11 16:34 . 2009-06-11 16:34 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-11 16:33 . 2009-06-11 16:33 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-11 16:33 . 2009-06-11 16:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-11 16:33 . 2009-06-15 11:34 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-11 16:33 . 2009-06-14 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-11 16:31 . 2009-06-11 16:33 -------- d-----w- c:\program files\AVG
2009-06-11 12:30 . 2009-06-11 12:30 -------- d-----w- c:\program files\Sierra
2009-06-10 20:24 . 2009-06-10 20:28 -------- d-----w- c:\documents and settings\Michel\Application Data\Voipwise
2009-06-10 20:23 . 2009-06-10 20:23 -------- d-----w- c:\program files\Voipwise.com
2009-06-09 18:57 . 2009-06-09 18:57 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-05 15:55 . 2009-06-05 15:55 -------- d-----w- c:\program files\Activision
2009-06-01 13:52 . 2009-06-01 13:52 -------- d-----w- c:\program files\iPod
2009-06-01 13:52 . 2009-06-01 13:53 -------- d-----w- c:\program files\iTunes
2009-06-01 13:52 . 2009-06-01 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-01 13:50 . 2009-06-01 13:50 -------- d-----w- c:\program files\Bonjour
2009-06-01 13:48 . 2009-06-01 13:49 -------- d-----w- c:\program files\QuickTime
2009-06-01 13:43 . 2009-06-01 13:43 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-28 15:48 . 2009-05-28 15:48 -------- d-----w- c:\documents and settings\Michel\Application Data\MyRo
2009-05-28 15:47 . 2009-05-28 15:50 -------- d-----w- c:\program files\Puntenboek
2009-05-22 10:00 . 2009-06-13 18:59 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-22 09:11 . 2009-05-22 09:11 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2009-05-22 09:04 . 2009-05-22 09:04 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-22 09:04 . 2009-05-22 09:04 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-22 09:04 . 2009-05-22 09:04 73064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-05-22 09:03 . 2009-05-22 09:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-22 09:03 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-05-22 09:02 . 2009-05-22 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-22 09:02 . 2009-05-22 09:02 -------- d-----w- c:\program files\Lavasoft
2009-05-21 08:58 . 2009-05-21 08:58 -------- d-----w- c:\program files\Alarm

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-06-14 19:54 . 2007-07-06 13:52 35864 ----a-w- c:\documents and settings\Michel\Application Data\wklnhst.dat
2009-06-13 18:09 . 2007-10-30 11:03 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-06-11 12:40 . 2007-10-30 10:48 -------- d--h--w- c:\program files\InstallJammer Registry
2009-06-08 16:29 . 2007-07-06 13:52 78112 ----a-w- c:\documents and settings\Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 13:52 . 2008-10-05 16:41 -------- d-----w- c:\program files\Common Files\Apple
2009-05-31 11:51 . 2008-09-29 22:04 -------- d-----w- c:\program files\Maple 11
2009-05-31 10:39 . 2008-09-08 13:38 -------- d-----w- c:\program files\OpenVPN
2009-05-17 06:12 . 2009-05-07 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-07 15:34 . 2005-08-19 10:31 347136 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 13:25 . 2005-09-13 18:26 -------- d-----w- c:\program files\Microsoft Works
2009-05-07 13:23 . 2009-05-07 13:23 -------- d-----w- c:\program files\Microsoft.NET
2009-04-29 10:36 . 2009-04-29 10:36 -------- d-----w- c:\documents and settings\Michel\Application Data\teamspeak2
2009-04-29 10:36 . 2009-04-29 10:35 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-04-29 04:46 . 2005-08-19 10:31 669696 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2005-08-19 10:31 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 15:59 . 2009-04-23 12:18 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-04-23 12:19 . 2009-04-23 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-04-23 12:08 . 2005-08-19 03:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-23 12:00 . 2008-12-08 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-04-19 19:51 . 2005-08-19 10:31 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 07:15 . 2005-08-19 10:31 71334 ----a-w- c:\windows\system32\perfc013.dat
2009-04-18 07:15 . 2005-08-19 10:31 444710 ----a-w- c:\windows\system32\perfh013.dat
2009-04-15 14:55 . 2005-08-19 10:31 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 14:32 . 2008-10-05 16:44 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2003-12-18 09:33 . 2009-06-11 12:36 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 05:46 . 2009-06-11 12:36 10960 ----a-w- c:\program files\EULA.txt
2005-09-14 09:18 . 2005-09-14 09:18 8 --sh--r- c:\windows\system32\6F4823E4A3.sys
2005-09-14 09:18 . 2005-09-14 09:18 5224 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Voipwise"="c:\program files\Voipwise.com\Voipwise\Voipwise.exe" [2008-12-08 8974128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-30 57344]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-08-17 61440]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-09-02 81920]
"AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-01-31 458752]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-09-15 139264]
"InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-03-25 93640]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-13 518488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-18 14820864]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-08-24 88203]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-11 16:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%ProgramFiles%\\Messenger\\msmsgs.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=
"%ProgramFiles%\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"d:\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"8800:TCP"= 8800:TCP:AOEpoort
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/05/2009 11:04 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/06/2009 18:33 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/06/2009 18:34 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/06/2009 18:33 298776]
S1 mailKmd;mailKmd; [x]
S2 safeKis;safeKis;\??\c:\docume~1\Michel\LOCALS~1\Te mp\tmp1A.tmp --> c:\docume~1\Michel\LOCALS~1\Temp\tmp1A.tmp [?]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [13/09/2005 18:20 799744]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Michel\LOCALS~1\ Temp\ewdmaudn.sys --> c:\docume~1\Michel\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1005904]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1/10/2006 14:37 26624]
.
Inhoud van de 'Gedeelde Taken' map

2009-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.aldi.com/
uInternet Connection Wizard,ShellNext = hxxp://www.aldi.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath -
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 13:55
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

************************************************** ************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s afeKis]
"ImagePath"="\??\c:\docume~1\Michel\LOCALS~1\Temp\tmp1A.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-3193352444-2278212301-2031957364-1006\Software\SecuROM\License information*]
"datasecu"=hex:b2,37,59,03,b0,2a,b8,bd,41,72,c3,52,45,ba,4c, a3,43,bf,7d,16,07,
9d,0d,c5,b6,80,ab,b2,ba,9a,be,8f,02,e3,f4,cd,f8,5c ,30,63,78,c4,59,69,f8,e3,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d, 44
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2009-06-15 13:58
ComboFix-quarantined-files.txt 2009-06-15 11:58

Pre-Run: 9.885.667.328 bytes beschikbaar
Post-Run: 9.979.240.448 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

225 --- E O F --- 2009-06-10 05:40










Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:57, on 15/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com ## Game Guard by pass ##
O1 - Hosts: 67.205.77.113 L2testauthd.lineage2.com ## L2Sirius x45##
O1 - Hosts: 67.205.77.113 L2authd.lineage2.com ## L2Sirius x45##
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124454307790
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11992 bytes

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren: Download Java Runtime Environment (JRE) 6u14 (http://www.filehippo.com/download_java_runtime/download/0e036bfa2323d0e46d36a2d0be287fe5/) en bewaar het naar je Bureaublad. Sluit alle programma's die eventueel open zijn - Zeker je web browser! Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst. Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam. Klik dan op Verwijderen of op de Wijzig/Verwijder knop. Herhaal dit tot alle oudere versies verdwenen zijn. Na het verwijderen van alle oudere versies, herstart je pc. Dubbelklik vervolgens op jre-6u14-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Allereerst bedankt voor de hulp.

Kan ik er nu van uitgaan dat het terug veilig is om in te loggen op accounts e.d.?

ja hoor.