View full version: WoW account hacked by keylogger



ford_capri
27 July 2009, 10:16
hi,

a few days ago my account was hacked. I then followed this thread
http://forums.wow-europe.com/thread.html?topicId=5383442401&sid=1

I have now gone through it twice, once while I was online and once while I was offline the whole time. Then I got an e-mail from Blizzard telling me to go through the same thread. It recommended posting a HijackThis log here, so that is what I am doing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:05, on 27/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application
Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/s
earch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/s
earch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Koppelingen
R3 - URLSearchHook: SHOUTcast Toolbar Search Class -
{14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio
Toolbar\shoutcasttb.dll
F3 - REG:win.ini: load=C:\DOCUME~1\BEHEER~1\LOCALS~1\netdetect.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program
Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6}
- C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program
Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9}
- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} -
C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network
Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common
Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony
Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common
Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero
BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile
Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader
9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"
/background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang
1033
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared
Files\CamTray.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol
120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"
ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [EPSON Stylus COLOR 480SXU]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P25 "EPSON Stylus COLOR
480SXU" /O6 "USB001" /M "Stylus COLOR 480SXU"
O4 - HKCU\..\Run: [SoundMan] C:\WINDOWS\system32\SOUNDMAN.EXE
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite
7\PCSuite.exe" -onlytray
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program
Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program
Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All
Users\Application Data\SHOUTcast Radio
Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} -
C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.2.1
O15 - ESC Trusted IP range: http://192.168.2.1
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer
Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) -
http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.
cab?1174910206223
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) -
http://www.putfile.com/includes/ImageUploader4-5.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate
Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program
Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcDvvVL - ddcDvvVL.dll (file missing)
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. -
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems,
Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program
Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program
Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates,
Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc.
- C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network
Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program
Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common
Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity
Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. -
C:\WINDOWS\system32\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software
- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 13498 bytes

Malwarebytes' Anti-Malware 1.39
Database versie: 2500
Windows 5.1.2600 Service Pack 2
27/07/2009 0:31:55
mbam-log-2009-07-27 (00-31-55).txt
Scan type: Volledige Scan (C:\|L:\|)
Objecten gescand: 285833
Verstreken tijd: 1 hour(s), 38 minute(s), 3 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)


Kind regards,
kristof

Emphyrio
27 July 2009, 14:25
Hi ford_capri,

I will take a look at your log.

However, I am a Spyware Slayer in training and will therefore have to have my fix checked first.

So it may take a little longer. Thank you for your understanding.

Emphyrio :)

Emphyrio
28 July 2009, 02:40
Hi ford_capri,

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them! Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the "NirCmd" window.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
Click OK and Yes to have the Recovery Console installed automatically.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix has finished and after the restart, the log Combofix.txt will open. Post this log in your next reply.


Emphyrio :)

ford_capri
28 July 2009, 11:53
ComboFix 09-07-27.02 - Beheerder 28/07/2009 11:24.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.32.1043.18.3069.2342 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Beheerder\Mijn documenten\antivirus\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090727-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Nieuw herstelpunt werd aangemaakt
* Aanwezig AV is actief
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\BEHEER~1\LOCALS~1\Temp\catchme.dll
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\Beheerder\Local Settings\Temp\catchme.dll
c:\documents and settings\Beheerder\Menu Start\Programma's\Spyware Guard 2009
C:\LHT10.tmp
C:\LHT12.tmp
C:\LHT19.tmp
C:\LHT1C.tmp
C:\LHT4.tmp
C:\LHT6.tmp
C:\LHTC.tmp
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4

(((((((((((((((((((( Bestanden Gemaakt van 2009-06-28 to 2009-07-28 ))))))))))))))))))))))))))))))
.
2009-07-27 11:40 . 2009-07-27 11:40 -------- d-----w- c:\documents and settings\Beheerder\Local Settings\Application Data\Blizzard Entertainment
2009-07-26 12:58 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-26 12:57 . 2009-07-26 12:57 -------- d-----w- c:\program files\Panda Security
2009-07-25 20:42 . 2009-07-25 20:42 -------- d-----w- c:\documents and settings\Beheerder\Application Data\Malwarebytes
2009-07-25 20:42 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 20:42 . 2009-07-25 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-25 20:42 . 2009-07-25 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 20:42 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 20:14 . 2009-07-25 20:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-25 20:14 . 2009-07-25 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-25 20:05 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-25 17:13 . 2009-07-25 17:13 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2009-07-25 17:03 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-25 17:03 . 2009-07-25 17:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-25 17:03 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-25 16:38 . 2009-07-25 16:38 -------- d-----w- c:\program files\Trend Micro
2009-07-25 13:17 . 2008-11-26 16:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-25 13:17 . 2008-11-26 16:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-25 13:17 . 2008-11-26 16:15 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-25 13:17 . 2008-11-26 16:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-25 13:17 . 2008-11-26 16:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-25 13:17 . 2008-11-26 16:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-25 13:17 . 2008-11-26 16:18 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-25 13:17 . 2008-11-26 16:18 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-25 13:16 . 2008-11-26 16:21 1236208 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-25 13:16 . 2009-07-25 13:16 -------- d-----w- c:\program files\Alwil Software
2009-07-23 16:35 . 2009-07-23 16:35 -------- d-sh--w- c:\windows\ftpcache
2009-07-23 16:33 . 1999-02-16 06:02 49664 ----a-w- c:\windows\SSMaui Wowee.scr
2009-07-23 16:31 . 2004-09-20 14:00 802816 ----a-w- c:\windows\FeedingFrenzy.scr
2009-07-23 16:30 . 2005-01-07 09:39 57344 ----a-w- c:\windows\system32\Big Kahuna Reef.scr
2009-07-23 16:30 . 2005-08-03 11:48 389120 ----a-w- c:\windows\Adventure Inlay.scr
2009-07-23 16:29 . 2009-07-25 16:53 -------- d-----w- c:\program files\GameHouse Games Collection
2009-07-23 16:16 . 2009-02-24 16:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-07-23 16:16 . 2009-07-23 16:17 -------- d-----w- c:\program files\MagicDisc
2009-07-21 10:07 . 2009-07-21 10:11 -------- d-----w- C:\epson
2009-07-21 10:04 . 2009-07-21 10:04 -------- d-----w- c:\program files\EPSON
2009-07-16 11:39 . 2009-07-16 11:39 -------- d-----w- c:\windows\system32\Viewers
2009-07-15 21:37 . 2009-07-15 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2009-07-15 21:37 . 2009-07-16 23:08 -------- d-----w- c:\program files\BigfishGames
2009-07-15 17:36 . 2009-07-15 17:36 26624 ----a-r- c:\documents and settings\Beheerder\Application Data\Microsoft\Installer\{6910C412-A523-493C-BC22-0213CD7F4F3A}\Icon6910C412.exe
2009-07-15 17:33 . 2009-07-15 19:36 -------- d-----w- c:\program files\Industry Giant 2
2009-07-15 15:13 . 2009-07-23 03:02 19 ----a-w- c:\windows\popcinfo.dat
2009-07-15 14:21 . 2009-07-15 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2009-07-07 23:55 . 2009-07-07 23:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 22:53 . 2008-04-16 02:45 -------- d-----w- c:\program files\PokerStars
2009-07-27 11:39 . 2009-05-31 02:47 -------- d-----w- c:\documents and settings\Beheerder\Application Data\Xfire
2009-07-26 17:30 . 2007-04-01 14:08 -------- d-----w- c:\documents and settings\Beheerder\Application Data\uTorrent
2009-07-25 20:05 . 2007-07-26 20:36 -------- d-----w- c:\program files\DAEMON Tools
2009-07-25 17:02 . 2008-05-21 22:06 -------- d-----w- c:\program files\Lavasoft
2009-07-24 14:37 . 2009-05-31 02:46 -------- d-----w- c:\program files\Xfire
2009-07-17 16:43 . 2007-04-09 10:50 -------- d-----w- c:\program files\WowReader
2009-07-17 12:03 . 2007-03-26 19:22 -------- d-----w- c:\program files\World of Warcraft
2009-07-16 11:29 . 2008-12-14 23:22 -------- d-----w- c:\program files\bwin
2009-06-25 00:24 . 2009-06-25 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MythPeople
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\Beheerder\Application Data\NeroDigital™
2009-06-24 09:45 . 2009-06-24 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\FreshGames
2009-06-23 14:45 . 2009-06-23 14:45 3913728 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Delicious4\nl-NL\delicious4.dll
2009-06-23 01:45 . 2009-06-20 14:03 -------- d-----w- c:\program files\Simple Port Forwarding
2009-06-21 16:57 . 2009-06-21 16:57 40960 ----a-r- c:\documents and settings\Beheerder\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2009-06-21 16:57 . 2009-06-21 16:57 8854 ----a-r- c:\documents and settings\Beheerder\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2009-06-21 16:57 . 2009-06-21 16:57 10134 ----a-r- c:\documents and settings\Beheerder\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2009-06-21 16:57 . 2009-06-21 16:57 -------- d-----w- c:\program files\Western Digital Technologies
2009-06-20 13:22 . 2009-06-20 12:30 -------- d-----w- c:\program files\SHOUTcast
2009-06-20 13:18 . 2009-06-20 13:18 -------- d-----w- c:\program files\SHOUTcast Radio Toolbar
2009-06-20 13:18 . 2007-04-12 22:47 -------- d-----w- c:\program files\Winamp
2009-06-20 12:30 . 2009-06-20 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SHOUTcast Radio Toolbar
2009-06-19 18:16 . 2007-04-02 01:13 -------- d-----w- c:\program files\Java
2009-06-19 18:14 . 2009-06-19 18:14 152576 ----a-w- c:\documents and settings\Beheerder\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-19 00:37 . 2009-06-18 01:28 -------- d-----w- c:\program files\PKR
2009-06-10 10:22 . 2009-06-10 10:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-06-09 18:56 . 2009-06-09 18:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-01 05:25 . 2009-06-01 05:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2009-05-31 02:48 . 2009-05-31 02:48 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-05-29 16:58 . 2009-05-29 16:50 -------- d-----w- c:\documents and settings\Beheerder\Application Data\PC Suite
2009-05-29 16:53 . 2009-05-29 16:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-29 16:53 . 2009-05-29 16:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-29 16:50 . 2009-05-29 16:50 -------- d-----w- c:\documents and settings\Beheerder\Application Data\Nokia
2009-05-29 16:50 . 2009-05-29 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-29 16:49 . 2009-05-29 16:49 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-29 16:49 . 2009-05-29 16:49 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-29 16:49 . 2009-05-29 16:49 -------- d-----w- c:\program files\Nokia
2009-05-29 16:49 . 2009-05-29 16:49 -------- d-----w- c:\program files\DIFX
2009-05-29 16:49 . 2009-05-29 16:49 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-29 16:48 . 2009-05-29 16:48 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\Uninst CCD.exe
2009-05-29 16:48 . 2009-05-29 16:48 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\Uninst PCSFEMsi.exe
2009-05-29 16:48 . 2009-05-29 16:48 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\Uninst PCS.exe
2009-05-29 16:48 . 2009-05-29 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-29 16:48 . 2009-05-29 16:48 34109864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Nokia_PC_Suite_7_1_26_1_dut_web[1].exe
2009-05-21 09:33 . 2009-05-06 21:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-06 21:13 . 2009-05-06 21:13 152576 ----a-w- c:\documents and settings\Beheerder\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
1999-05-24 07:17 . 1999-05-24 07:17 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 10:53 . 1998-12-09 10:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 10:53 . 1998-12-09 10:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 10:53 . 1998-12-09 10:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 10:53 . 1998-12-09 10:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 10:53 . 1998-12-09 10:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]
[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-05-18 1312256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 81990]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 135251]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-05-26 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
c:\documents and settings\Beheerder\Menu Start\Programma's\Opstarten\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-23 576000]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-7-8 3190096]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-5 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Poort voor Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-5-24 46077]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\Beheerder\\Mijn documenten\\shit\\Qwix101\\Qwix.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\RedlightCenter\\RedLightCenter\\Redlightcen ter.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Documents and Settings\\Beheerder\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.1.9806-to-3.1.1.9835-enGB-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enGB-downloader.exe"=
"c:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\1043\\WFXMSRVR.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25/07/2009 19:03 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [26/07/2009 14:58 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25/07/2009 15:17 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/12/2008 12:06 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 12:05 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/07/2009 15:17 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/07/2009 16:49 1029456]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 12:06 7408]
S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [12/06/2007 4:24 311684]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [31/10/2007 4:53 162176]
.
Inhoud van de 'Gedeelde Taken' map
2009-07-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
- - - - ORPHANS VERWIJDERD - - - -
HKCU-Run-EPSON Stylus COLOR 480SXU - c:\windows\System32\spool\DRIVERS\W32X86\3\E_AICN0 3.EXE
HKCU-Run-SoundMan - c:\windows\system32\SOUNDMAN.EXE
Notify-ddcDvvVL - ddcDvvVL.dll
Notify-WgaLogon - (no file)

.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &SHOUTcast Search - c:\documents and settings\All Users\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
.
************************************************** ************************
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 11:31
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-436374069-1644491937-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:33,c7,64,a7,a6,45,ff,c9,64,3e,87,20,21,74,ef, 2a,20,89,ab,47,21,75,36,
55,20,98,42,ad,df,a3,16,20,b0,c3,d4,30,63,7c,78,a7 ,ba,05,f9,ea,7b,11,54,11,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f, 50
[HKEY_USERS\S-1-5-21-436374069-1644491937-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:e9,36,14,de,c4,76,0c,e3,d7,17,11,24,f4,5c,29, 4e,ba,00,1c,b3,6f,
04,29,1d,94,2b,89,cd,8c,fa,52,64,11,32,7b,4d,95,40 ,08,7d,3f,15,0c,7d,3c,36,\
"rkeysecu"=hex:ce,62,87,66,10,ae,b1,05,21,f7,a7,ee,3e,53,b8, 8a
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(2408)
c:\program files\Xfire\xfire_toucan_37966.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\SmartFTP Client\sfShellToolsDEU.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\stacsv.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\SHOUTcast Radio Toolbar\shoutcasttbServer.exe
.
************************************************** ************************
.
Voltooingstijd: 2009-07-28 11:41 - machine werd herstart
ComboFix-quarantined-files.txt 2009-07-28 09:40
ComboFix2.txt 2008-06-26 19:06
Pre-Run: 20.716.777.472 bytes beschikbaar
Post-Run: 23.421.714.432 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
349

Emphyrio
29 July 2009, 13:30
Hi ford_capri,

May I have a fresh HJT scan?

How is your problem coming along?

Emphyrio :)

ford_capri
29 July 2009, 19:53
My problem was that a keylogger had managed to get hold of the account name and password of my Warcraft account... I haven't got my account back from Blizzard yet. So.. dunno... I have ordered an authenticator now, though, and then they can have my password for all I care...

But now I'm mainly worried about my credit card. :s


And thanks for your help...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:28, on 29/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\shoutcast radio toolbar\SHOUTcastTbServer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.2.1
O15 - ESC Trusted IP range: http://192.168.2.1
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174910206223
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4-5.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 13101 bytes

Emphyrio
30 July 2009, 10:37
Hi ford_capri,

In any case, you did the right thing by reacting immediately.
I would also change all my passwords. You never know.

Your logs are clean.

Go to Start > Run and copy and paste the following command into the field:
ComboFix /u
Make sure there is a space between Combofix and /
Then press Enter.

http://www.emphyrio.be/images/SMUninstall_combofix.jpg (http://www.emphyrio.be/images/Uninstall_combofix.jpg)

This will remove Combofix plus its related folders and files,
reset the clock settings, hide the file extensions,
hide hidden files and system files again
and reset your System Restore.




Download OTC.exe (http://oldtimer.geekstogo.com/OTC.exe) (by OldTimer)

Place the file on your desktop.
Make sure there is an internet connection.
Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
Now click the "CleanUp!" button.
If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow this; the program needs that connection.
Finally, OTC will ask whether you want to restart the computer; you may allow this, as it also removes itself this way.
Note: Using OTC.exe will remove all the tools used (including the associated logs and backup folders) from your computer.


Delete your existing restore points following this procedure (http://users.telenet.be/marcvn/spyware/1852808.htm).
Install the following updates: Windows SP 3 (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=nl)

Finally, may I offer you these tips: Safe Internet Use (http://www.jawwi.nl/beveiliging/basis.html)

Emphyrio :)