View full version : Explorer.exe is always at 97 and CPU is at 100%

Mamu
18 November 2009, 16:05
Computer is extremely slow. In Task Manager it shows explorer.exe in the 90s and my CPUs are running at full throttle.
I ran AVG on all 3 hard drives and removed the trojans! I also had Hitman Pro scan, but only the C: drive.
Can someone help me please
Thanks in advance

Mamu
18 November 2009, 16:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:49, on 18-11-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Desktop Tray Clock\DTClock.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/dutch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [svchost] C:\Windows\system32\schtasks.exe /RUN /TN "svchost"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RGSC] E:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [svchost] C:\Windows\system32\schtasks.exe /RUN /TN "svchost"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10878 bytes
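The two O4 entries worth a second look in the log above are the Run values named `svchost` in both HKLM and HKCU: the value name borrows a core Windows process name, and the command does not point at a payload at all but at `schtasks.exe /RUN /TN "svchost"`, so the real executable lives in a scheduled task that HijackThis 2.0.2 does not enumerate. The Malwarebytes log posted later in this thread removes exactly those two values and also quarantines `C:\Windows\System32\schtasks.exe` itself, which is a caveat in its own right: whether that detection is correct or a false positive, a System32 binary is now gone and should be restored from a known-good source (for example via `sfc /scannow`) rather than left missing. The script below is an added example, not part of the thread or of HijackThis; it parses Run-value O4 lines and flags those tells. The sample lines are a constructed excerpt of the log above, and the name lists are my own heuristics, not a HijackThis feature.

```python
"""Triage the O4 (autorun) entries of a HijackThis log for common persistence tells.

Added example, not part of the original thread. The sample lines below are a
constructed excerpt of the first HijackThis log posted above.
"""
import re

# HijackThis prints registry autoruns as:  O4 - <hive\..\Run>: [<value name>] <command>
# (Startup-folder entries use a different "name.lnk = path" shape and are skipped here.)
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.*)$")

# Task name after "schtasks.exe /RUN /TN <name>", with or without quotes.
TASK_RE = re.compile(r'/TN\s+"?([^"]+?)"?(?:\s|$)', re.IGNORECASE)

# Value names that mimic core Windows binaries (heuristic list, my assumption).
# A Run value called "svchost" is a visual decoy: the real svchost.exe is a
# service host started by the Service Control Manager, not from HKLM\..\Run.
SYSTEM_BINARY_NAMES = {"svchost", "csrss", "lsass", "winlogon", "services", "explorer"}


def parse_o4(line):
    """Return {'location', 'name', 'command'} for a Run-value O4 line, else None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def _first_token(command):
    parts = command.strip().split(None, 1)
    return parts[0] if parts else ""


def triage_o4(log_lines):
    """Score each Run-value O4 entry and return the ones with at least one tell."""
    findings = []
    for line in log_lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons, task, strong = [], None, False
        name = entry["name"].lower()
        cmd = entry["command"]
        low = cmd.lower()

        if name in SYSTEM_BINARY_NAMES:
            strong = True
            reasons.append("value name impersonates Windows binary '%s'" % entry["name"])

        # Indirection: the Run value only triggers a scheduled task, so the
        # payload path is in the task definition, which HijackThis does not list.
        if "schtasks.exe" in low and "/run" in low:
            strong = True
            m = TASK_RE.search(cmd)
            task = m.group(1) if m else None
            reasons.append("launches scheduled task %r via schtasks.exe" % task)

        # Weak tell: a bare file name is resolved through the PATH search order.
        exe = _first_token(cmd)
        if exe and "\\" not in exe and ":" not in exe and "%" not in exe:
            reasons.append("bare executable name %r resolved via PATH" % exe)

        if reasons:
            findings.append({
                "location": entry["location"],
                "name": entry["name"],
                "command": cmd,
                "task": task,
                "severity": "high" if strong else "low",
                "reasons": reasons,
            })
    return findings


# Constructed excerpt of the first log above (real entries, reduced to a handful).
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [svchost] C:\Windows\system32\schtasks.exe /RUN /TN "svchost"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [svchost] C:\Windows\system32\schtasks.exe /RUN /TN "svchost"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4):
        print("[%s] %s [%s] %s" % (f["severity"].upper(), f["location"], f["name"], f["command"]))
        for r in f["reasons"]:
            print("      - " + r)
```

Run against the excerpt it reports the two `svchost` values as high (both tells fire, task name `svchost`) and `CTHelper` as low, because a bare `CTHELPER.EXE` is only a PATH-resolution weakness and here belongs to the Creative audio driver. The low tier exists precisely so that legitimate vendor sloppiness is not mixed up with the decoy entries; a real triage would follow the high findings by exporting the named task (`schtasks /Query /TN svchost /XML`) to see what it actually launches.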

Emphyrio
19 November 2009, 01:27
Hi Mamu,

Go to Control Panel - Software - Change and remove programs, and uninstall the following programs:

Daemon Tools Lite (you may put it back after the all-clear)
Hitman Pro

Download this tool: http://www.duplexsecure.com/download/SPTDinst-v162-x86.exe
Double-click it to start the tool.
In the window that appears, click the uninstall button.
Restart the computer.

Next:

Download MalwareBytes' Anti-Malware (http://www.besttechie.net/mbam/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.

Make sure that after installation a checkmark is placed next to:
Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Then click "Finish". If an update is found, it will be downloaded and installed.
Once the program has started, go to the "Settings" tab.
Check here: "Close Internet Explorer during malware removal".
Then go to the "Scanner" tab and choose "Quick Scan".
Then press "Scan" to start the scan.
Scanning may take a while, so be patient.
When the scan is complete, click OK, then "Show Results" to view the results.
Make sure everything there is checked, then click "Remove Selected".
After removal a log will open and you will be asked to restart the computer.

If MBAM asks for a restart, do so.

The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.

Post this log together with a new HijackThis log (Run as Admin).

Emphyrio :)

Mamu
19 November 2009, 16:11
I'm currently scanning the hard drive, but I want to thank you already for all the effort you have put in. :)

Mamu
19 November 2009, 16:18
Malwarebytes' Anti-Malware 1.41
Database version: 3196
Windows 6.0.6001 Service Pack 1

19-11-2009 15:13:57
mbam-log-2009-11-19 (15-13-57).txt

Scan type: Quick Scan
Objects scanned: 115826
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\iexplor520.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Iexplor701.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\schtasks.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Mamu
19 November 2009, 16:19
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:49, on 19-11-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Desktop Tray Clock\DTClock.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/dutch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RGSC] E:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10901 bytes
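Verifying a cleanup from two HijackThis logs is a line-exact comparison: the entries that disappeared should be the ones you expected to go, and anything new needs an explanation. Between the log in the first post and the one above, the two `svchost` Run values are gone and the only new entry is Malwarebytes' own `/runcleanupscript` reboot hook. The script below is an added example, not part of the thread or of HijackThis; it extracts every R*/O* entry from two logs and reports the set difference. The two inputs are constructed excerpts of the two logs, reduced to a few lines each.

```python
"""Diff two HijackThis logs: which R*/O* entries vanished and which appeared.

Added example, not part of the original thread. The two samples are constructed
excerpts of the logs posted above (before and after the Malwarebytes run).
"""
import re

# Every HijackThis finding starts with a section code: R0..R3, O1..O24.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - ")


def hjt_entries(log_text):
    """Map each R*/O* entry line in a log to its section code (process list is ignored)."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[line] = m.group("section")
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the earlier log, and only in the later one."""
    before, after = hjt_entries(before_text), hjt_entries(after_text)
    removed = sorted(line for line in before if line not in after)
    added = sorted(line for line in after if line not in before)
    return removed, added


def report(removed, added):
    """Plain-text summary suitable for pasting into a reply."""
    out = []
    for title, lines in (("Removed since previous log", removed), ("New since previous log", added)):
        out.append("%s (%d):" % (title, len(lines)))
        for line in lines:
            out.append("  " + line)
    return "\n".join(out)


# Constructed excerpt of the 18-11-2009 log (before cleanup).
BEFORE = r"""
Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [svchost] C:\Windows\system32\schtasks.exe /RUN /TN "svchost"
O4 - HKCU\..\Run: [svchost] C:\Windows\system32\schtasks.exe /RUN /TN "svchost"
O20 - AppInit_DLLs: avgrsstx.dll
End of file - 10878 bytes
"""

# Constructed excerpt of the 19-11-2009 log (after the Malwarebytes run).
AFTER = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O20 - AppInit_DLLs: avgrsstx.dll
End of file - 10901 bytes
"""

if __name__ == "__main__":
    print(report(*diff_logs(BEFORE, AFTER)))
```

Because the comparison is exact, an entry whose path changed shows up once under removed and once under added, which is the behaviour you want when a persistence value is replaced rather than deleted. The comparison only proves what changed between two snapshots; it says nothing about the scheduled task the removed values used to trigger, which HijackThis does not list, so take the "after" log from a session after the reboot and check that the task is gone as well.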

Emphyrio
19 November 2009, 19:59
Hi Mamu,

Start HijackThis. Choose "Run as administrator".
Select "Do a system scan only". Check only the items listed below:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Close all windows except HijackThis (HJT) and click Fix checked.
If a question about backups comes up, answer 'Yes'.
Close HJT.

Next:

Download or update CCleaner (http://www.ccleaner.com/download/builds)
Click the Slim version (4th link)

Start CCleaner.

Run CCleaner and click Options in the left column
Select the Advanced tab
Uncheck Only delete files in Windows Temp folders older than 24 hours
Click Cleaner in the left column.
Then click Analyze and then Run Cleaner.
Then click Registry in the left column
Click Scan for Issues.
If errors are found, click Fix selected issues and OK

Restart your PC and post a new HijackThis log.
Also give me an update on your problem.

Emphyrio :)

Mamu
20 November 2009, 06:58
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:16, on 20-11-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Desktop Tray Clock\DTClock.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\GrabIt\GrabIt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/dutch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RGSC] E:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10389 bytes
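
A small triage pass over the kind of log posted above, added here as an example (it is not part of the thread and not HijackThis's own code). It parses the O-lines, works out what each autostart actually launches, and flags the things a responder checks first: registrations whose target is gone ("(no file)", "(file missing)"), services with an unknown owner, O4 commands that are bare filenames such as CTHELPER.EXE or RUN.EXE (Windows resolves those through the CreateProcess search order, so a planted file can be picked up instead of the intended one), rundll32 launches, and AppInit_DLLs. The flagging rules are this example's own heuristics, not HijackThis output; the sample lines are copied from the log above.

```python
"""Triage pass over HijackThis-style log lines.

Added example, not part of the forum thread and not HijackThis's own code.
It parses the O2/O4/O9/O20/O23 entries of a HijackThis log and flags the
ones a responder checks first. The rules are this example's own heuristics;
the sample lines are copied from the thread's log.
"""
import re
from dataclasses import dataclass, field

# Sample input: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user')
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

LINE_RE = re.compile(r"^(?P<sec>O\d+|R\d) - (?P<body>.*)$")
# Directories an unprivileged user can write to; autostarts there deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for an 'Oxx - ...' / 'Rx - ...' line, else None."""
    m = LINE_RE.match(line.strip())
    return Entry(m.group("sec"), m.group("body")) if m else None


def launched_program(o4_body):
    """Pull the program token out of an O4 command (quoted path or first word)."""
    cmd = o4_body.split("] ", 1)[1] if "] " in o4_body else o4_body.split(": ", 1)[-1]
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def flag_entry(e):
    """Attach triage flags to an Entry in place and return it."""
    low = e.body.lower()
    if "(no file)" in low or "(file missing)" in low:
        e.flags.append("target missing: orphaned registration, remove or confirm")
    if "(no name)" in low:
        e.flags.append("unnamed BHO: no friendly name registered")
    if "unknown owner" in low:
        e.flags.append("service binary has no vendor/signature recorded")
    if e.section == "O4":
        prog = launched_program(e.body)
        if "\\" not in prog:
            e.flags.append("bare filename: resolved by CreateProcess search order, confirm which file runs")
        if prog.lower().endswith("rundll32.exe"):
            e.flags.append("launched via rundll32: inspect the DLL it loads")
        if any(d in prog.lower() for d in USER_WRITABLE):
            e.flags.append("autostart from a user-writable directory")
    if e.section == "O20":
        e.flags.append("AppInit_DLLs loads into every user32 process: verify the DLL owner")
    return e


def triage(log_text):
    """Return the flagged Entries, in log order."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and flag_entry(e).flags:
            findings.append(e)
    return findings


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.section, "|", e.body[:70])
        for f in e.flags:
            print("    -", f)
```

Flags are deliberately cheap string rules on the log text alone; they tell you where to look, not whether something is malicious. The bare-filename rule also fires on RUNDLL32.EXE launches that omit the path, which is intended: the same search-order concern applies.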

Mamu
20 November 2009, 07:11
This O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) was no longer listed.
The first reboot was slow. I also uninstalled Windows Live Messenger, because it was taking up 50% of the CPU as well. At the moment my CPU shows a maximum of 100%, and I am copying a 6 GB file from c: to i: and downloading via GrabIt.
I stop all activity and it still shows 100%.
In fact, as soon as I want to copy a file from one drive to the other, explorer starts showing 100% ... very strange

Emphyrio
20 November 2009, 08:10
Hi Mamu,

Can you post a screenshot of these processes (with the 100% CPU showing)?

So Task Manager > Processes tab.

Emphyrio :)

Mamu
20 November 2009, 15:02
Could it be that one of the clusters on the hard drives is damaged?

Emphyrio
20 November 2009, 16:11
Hi Mamu,

I can't make anything out of the attached screenshots, far too small ;):)


Download combofix.exe (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden)

If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
Once the Recovery Console is installed, let ComboFix scan the computer.

When ComboFix starts, you may get an error message saying that the "contents of the ComboFix package has been compromised".
Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.
If you keep getting that message, report it.

When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) will open.

Post the ComboFix log together with a new HijackThis log in your next reply.

Emphyrio :)

Mamu
20 November 2009, 17:02
ComboFix 09-11-19.05 - Gebruiker 20-11-2009 15:52.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.31.1043.18.3071.1886 [GMT 1:00]
Running from: g:\mamu\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\90210.exe
c:\users\Gebruiker\AppData\Roaming\inst.exe

.
(((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 ))))))))))))))))))))))))))))))
.

2009-11-20 14:59 . 2009-11-20 14:59 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-11-20 14:59 . 2009-11-20 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-19 19:56 . 2009-11-19 19:56 -------- d-----w- c:\program files\CCleaner
2009-11-19 14:04 . 2009-11-19 14:04 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
2009-11-19 14:04 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 14:04 . 2009-11-19 14:04 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-19 14:04 . 2009-11-19 14:04 -------- d-----w- c:\programdata\Malwarebytes
2009-11-19 14:04 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 05:16 . 2009-11-18 05:16 -------- d-----w- c:\program files\Trend Micro
2009-11-18 05:15 . 2009-11-18 05:15 12800 ----a-w- c:\windows\system32\bootdelete.exe
2009-11-18 05:10 . 2009-11-19 13:51 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-11-18 05:09 . 2009-11-18 05:15 -------- d-----w- c:\programdata\Hitman Pro
2009-11-18 05:09 . 2009-11-18 05:09 -------- d-----w- c:\program files\Hitman Pro 3.5
2009-11-16 16:00 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-16 16:00 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-07 13:06 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-11-07 13:01 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-07 11:26 . 2009-11-07 11:26 -------- d-----w- c:\users\Gebruiker\AppData\Local\IsolatedStorage
2009-11-07 11:01 . 2009-11-07 11:02 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Nokia
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\PC Suite
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\programdata\PC Suite
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\users\Gebruiker\AppData\Local\NokiaAccount
2009-11-07 10:57 . 2009-11-07 10:57 -------- d-----w- c:\users\Gebruiker\AppData\Local\Nokia
2009-11-07 10:57 . 2009-11-07 10:57 -------- d-----w- c:\programdata\NokiaMusic
2009-11-07 10:56 . 2009-11-07 10:56 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-11-07 10:56 . 2009-11-07 10:56 -------- d-----w- c:\windows\Downloaded Installations
2009-11-07 10:53 . 2009-11-07 13:11 4096 d-----w- c:\program files\Common Files\Nokia
2009-11-07 10:52 . 2009-11-07 10:52 -------- d-----w- c:\program files\DIFX
2009-11-07 10:52 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-11-07 10:52 . 2009-11-07 10:52 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-07 10:52 . 2009-11-07 10:52 12288 d-----w- c:\program files\PC Connectivity Solution
2009-11-07 10:52 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-11-07 10:52 . 2009-11-07 10:52 12212040 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-11-07 10:52 . 2009-11-07 10:52 13930312 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-11-07 10:51 . 2009-11-07 10:51 77824 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-11-07 10:51 . 2009-11-07 10:51 61440 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-11-07 10:51 . 2009-11-07 10:51 58880 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-11-07 10:51 . 2009-11-07 10:51 50000 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-11-07 10:51 . 2009-11-07 10:51 94628904 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe
2009-11-07 10:51 . 2009-11-07 10:58 4096 d-----w- c:\program files\Nokia
2009-11-07 10:51 . 2009-11-07 10:51 -------- d-----w- c:\programdata\OviInstallerCache
2009-11-05 13:28 . 2009-11-05 13:28 -------- d-----w- c:\users\Gebruiker\AppData\Local\Thunderbird
2009-11-05 13:28 . 2009-11-05 13:28 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Thunderbird
2009-11-05 13:28 . 2009-11-05 13:28 8192 d-----w- c:\program files\Mozilla Thunderbird
2009-10-29 15:29 . 2009-10-29 15:29 -------- d-----w- c:\programdata\Creative Home
2009-10-29 15:29 . 2009-10-29 15:29 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Creative Home
2009-10-29 15:11 . 2009-10-29 15:11 -------- d-----w- c:\program files\Common Files\Nova Development
2009-10-29 15:11 . 2009-10-29 15:11 -------- d-----w- c:\program files\Creative Home
2009-10-27 12:26 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-27 12:26 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-27 12:26 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-27 11:44 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 11:44 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 11:44 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 11:44 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 11:44 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 11:44 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 11:44 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 11:44 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 11:44 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 13:07 . 2009-01-24 15:11 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Vso
2009-11-20 12:54 . 2008-01-21 06:39 678344 ----a-w- c:\windows\system32\perfh013.dat
2009-11-20 12:54 . 2008-01-21 06:39 130884 ----a-w- c:\windows\system32\perfc013.dat
2009-11-20 12:47 . 2009-01-24 16:25 4096 d-----w- c:\program files\Transcode360
2009-11-19 14:52 . 2009-02-16 12:05 4096 d-----w- c:\program files\Windows Live
2009-11-10 00:57 . 2009-01-29 14:13 12288 d-----w- c:\programdata\Microsoft Help
2009-11-09 09:13 . 2009-01-24 14:45 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\GrabIt
2009-11-07 11:26 . 2009-01-24 13:53 121328 ----a-w- c:\users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0013\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0009\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0000\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 1657 ----a-w- c:\windows\inf\Nokia Music\tmp9F5F.tmp
2009-11-07 10:46 . 2009-11-07 10:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-02 19:42 . 2009-10-06 14:59 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 14:13 . 2009-03-24 11:28 -------- d-----w- c:\programdata\Media Center Programs
2009-10-21 10:42 . 2009-08-05 10:56 4096 d-----w- c:\users\Gebruiker\AppData\Roaming\Image Zone Express
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\program files\Windows Media Components
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\programdata\page
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\program files\Ashampoo
2009-10-18 13:30 . 2009-10-18 13:30 942840 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-10 18:20 . 2009-10-10 18:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HDJAsioK_01007.Wdf
2009-10-10 18:20 . 2009-10-10 18:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HDJBulk_01007.Wdf
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\Guillemot
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\Hercules
2009-10-10 18:19 . 2009-01-24 13:50 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\InstallShield
2009-10-10 04:16 . 2009-03-27 09:01 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 04:15 . 2009-03-27 09:01 12288 d-----w- c:\program files\AGEIA Technologies
2009-10-10 04:14 . 2009-01-25 12:56 -------- d-----w- c:\programdata\Codemasters
2009-10-06 15:01 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-09-04 12:24 . 2009-11-09 08:45 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 12:39 . 2009-10-06 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-10-06 14:56 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-11-09 08:45 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-11-09 08:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-11-09 08:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-11-09 08:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-25 08:56 . 2009-08-25 08:56 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-25 08:56 . 2009-08-25 08:56 139152 ----a-w- c:\users\Gebruiker\AppData\Roaming\PnkBstrK.sys
2009-08-25 08:56 . 2009-08-25 08:56 139152 ----a-w- c:\users\Gebruiker\AppData\Roaming\PnkBstrK.sys
2009-08-25 08:56 . 2009-08-25 08:56 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-25 08:55 . 2009-08-25 08:55 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-25 08:55 . 2009-08-25 08:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2008-12-21 12:02 . 2008-12-21 12:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

------- Sigcheck -------

[-] 2008-11-29 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 11:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"AshSnap"="c:\program files\Ashampoo\Ashampoo Snap 3\ashsnap.exe" [2009-08-25 1229648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Transcode360"="c:\program files\Transcode360\Transcode360Tray.exe" [2006-12-10 196608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-07-09 505128]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-10-25 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-10-07 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2008-12-21 630784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2009-10-29 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [25-4-2009 11:47 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [25-4-2009 11:47 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [25-4-2009 11:47 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26-4-2009 19:42 297752]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [8-10-2008 1:21 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [8-10-2008 1:21 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [8-10-2008 1:21 72728]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [10-10-2009 19:19 17408]
S3 Bulk;HDJBulk;c:\windows\System32\drivers\HDJBulk.sys [10-10-2009 19:19 125440]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6-3-2009 11:45 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [8-10-2008 1:21 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [8-10-2008 1:21 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [8-10-2008 1:21 72728]
S3 HDJAsioK;HDJAsioK;c:\windows\System32\drivers\HDJAsioK.sys [10-10-2009 19:19 172544]
S3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\System32\drivers\HDJMidi.sys [10-10-2009 19:19 123904]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\System32\drivers\hitmanpro35.sys [18-11-2009 6:10 11904]
S3 IAMT03;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMT03.sys [22-12-2008 11:49 40848]
S3 IAMTV;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMTV.sys [22-12-2008 11:49 38288]
S4 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\System32\drivers\cmiucr.SYS [22-12-2008 11:48 93056]
S4 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\System32\drivers\hcw99rc.sys [22-12-2008 11:49 10368]
S4 hptmv;hptmv;c:\windows\System32\drivers\hptmv.sys [22-12-2008 11:49 71968]
S4 IAMTXP;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMTXP.sys [22-12-2008 11:49 47496]
S4 ioatdma;Intel(R) QuickData Technology Device;c:\windows\System32\drivers\ioatdma.sys [22-12-2008 11:49 36480]
S4 iSSetup;Intel(R) PRO/1000 iSCSI Setup Driver;c:\windows\System32\drivers\iSSetup.sys [22-12-2008 11:49 75672]
S4 m5287;m5287;c:\windows\System32\drivers\m5287.sys [22-12-2008 11:49 104320]
S4 m5288;m5288;c:\windows\System32\drivers\m5288.sys [22-12-2008 11:49 211072]
S4 m5289;m5289;c:\windows\System32\drivers\m5289.sys [22-12-2008 11:49 52480]
S4 MODRC;WinFast TV Dongle With Infrared Receiver;c:\windows\System32\drivers\modrc.sys [22-12-2008 11:49 13056]
S4 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [22-12-2008 11:49 137728]
S4 NBv834x;Killer NIC Gaming Adapter Service;c:\windows\System32\drivers\NBv834x.sys [22-12-2008 11:49 104992]
S4 rr172x;rr172x;c:\windows\System32\drivers\rr172x.sys [22-12-2008 11:49 90400]
S4 rr2522;rr2522;c:\windows\System32\drivers\rr2522.sys [22-12-2008 11:49 112160]
S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\System32\drivers\SI3112r.sys [22-12-2008 11:49 110128]
S4 SI3114;SiI-3114 SATALink Controller;c:\windows\System32\drivers\SI3114.sys [22-12-2008 11:49 68912]
S4 SI3124;SiI-3124 SATALink Controller;c:\windows\System32\drivers\SI3124.sys [22-12-2008 11:49 76208]
S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\System32\drivers\Si3124r5.sys [22-12-2008 11:49 207152]
S4 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [22-12-2008 11:49 210736]
S4 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [22-12-2008 11:49 20632]
S4 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [22-12-2008 11:49 56984]
S4 WinTVCIUSB;Hauppauge WinTV-CI USB (11xxx);c:\windows\System32\drivers\hcw11.sys [22-12-2008 11:49 91136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/dutch/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\r3ojzkh9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-RGSC - e:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
AddRemove-{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1 - e:\gtr2\Support\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 15:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1928742680-3080710845-1427231912-1000\Software\SecuROM\License information*]
"datasecu"=hex:80,32,5b,f9,30,bf,e7,29,5e,8b,4d,ec,d5,54,29, ec,4e,12,2c,30,5e,
d4,cd,26,a4,22,b5,ab,a5,29,89,d4,2c,43,39,5d,11,fc ,a8,41,30,5b,ff,9f,64,ec,\
"rkeysecu"=hex:27,74,9e,5b,27,aa,9b,c9,ef,59,bc,24,e8,97,ca, e0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="37ED334B245CBF39D5C250068B906224EE05AE34F7DFB9A89A 31E94B4416E17E9AE58DF6F11288B760BEF6817E535119A689 FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFE BC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0 AC4980AC79335D575E7D6A3B98088EDD5E5BE2F6E6678EDD5E 5BE2F6E667D00C8595217105790DB99D1CA04942036CDFB140 1624E371808B571F2812161736C9F1F0794BE14E35090A9587 FDBFA9C9532B6A27E64673E74FDD720943E300399321534D86 A74CB8CD05172FEC216FE53847493755425CFD5A08DE04EEE1 EF4F9E8DEE21B241D211BA93B7EB342A2BDCDEB27C8A3A9418 9FBBCC2871AE6789B45A93CD7ED7BCDAFB3A9C6698E6C0C789 CCFB74EBD51C26EAB602E42D8EEA816A62F4C9706E4AED77E6 67E2128C714491BC1778AADADD1D42C1667E95908B20358C58 9309E4C0A9CC122442BA2069B5D71BDB2119F280A24E061935 0F2988C49B5FC4AEDB1E1BC082BFE46D778F7D41898984DC8E BA51F4F8649E9C82C1485FE916A87382EEF4F9E62AA1A03340 23A3135E306D65BF3E63726DDF18D836D275B222D60D98A113 AE0ABB32ED5A86F5AB2621E3E87B085DD2ACE7276605D8D420 C725827BBF75594E4116D538DE2F34BC3A1286B8B48BE43A60 CE2814786E208D41F645139C1BD1D9A78DB0393777404E09A0 E29976B432A787D07604AA30A87D7C241FFAD6B82BE7172B46 FD5B15A2EA9073A81EACE4443AE15088EC984B87C6186BEE2F 1BE8B623342A8366CA2D86B113E36C2DC4EF3F267264BBDA41 DFF9D1FABFF97E9CB8EA4AE17C3629055BB858177E23FE329E 6AB37F55D02B2803E09B4A4AEB0F0C2CE02FC94610CC12AE2D A2E486A9A2EBABB2409525EB1254BDC0B573655056A5B65737 D8DEA62FF9A97A6E8D703F78EB47A73B82839694548EC34627 A0982024C42F5D415476014B435D2A61660837B0957CA9DA58 3B0EB3E4B40558BE1B0EC7B26FB1F666DC4697E73258F6440A 693DAF0AA2F4BD2C2E892685C14039101356D34152340A9CD9 F3F47C91289D32E998A0CB526C021C776B2C4CDADABA16F519 EB7279F4685B667A3EE40092374EED4CE8617A9E28A440F443 BF47E7A2AD53DA3776707BDC246D480BB4649A0A13F968FA10 6E326541B247AB3F8EEA05BC1B6CE361144C7766C300165A8F E44417E6FEC0BD178A27D3CF069CC9D02EA78C912512EC57B0 FD7213468D6AEBDAC6D663A61678EFD5091FE7D63D053D3B87 4B4CDA5979C135E8FED545169A72ABA82FF0F8C9ED0A805FCC A267AA3899E3D4883A6AC386EBACE3285E2BC44633C93266E5 
1721F308C0AF687A66F6D23F3C713A9836CD3A852ACF6AD1A8 A76B506A60A2EAA05481A48B35E2BF87A5E41C9CF5BB7CA06B DF4F09422AA8F33A2E8387656F7FBF8D31A99B5E10138332"
.
Completion time: 2009-11-20 16:01
ComboFix-quarantined-files.txt 2009-11-20 15:01

Pre-Run: 129.992.380.416 bytes free
Post-Run: 129.950.007.296 bytes free

- - End Of File - - D3930BB9662122D499EAFEFF293C4F6D
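
One finding in the log above that is easy to miss among the file listings is the policies\system block: every UAC value is 0, EnableLUA included, which turns UAC off entirely on Vista. On an administrator account that means anything that gets to run, including the two files ComboFix removed (C:\90210.exe and inst.exe under AppData\Roaming), runs with the full administrator token and never triggers a prompt. The script below, added here as an example (it is not part of the thread and not ComboFix's own code), parses ComboFix's REGEDIT4-style dump and reports which UAC values deviate from the Vista defaults. The baseline table of defaults and the one-line consequences are this example's own; the sample text is copied from the log above.

```python
"""Check the UAC policy values in a ComboFix 'Reg Loading Points' dump.

Added example, not part of the forum thread and not ComboFix's own code.
It parses the REGEDIT4-style block ComboFix prints and compares the UAC
values under policies\\system with the Windows Vista defaults (the baseline
table below is this example's own). The sample text is copied from the
ComboFix log posted above.
"""
import re

# Sample input: the policy keys from the thread's ComboFix log.
SAMPLE_DUMP = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"""

UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

# Vista default for each value (this example's table) and what 0 means in practice.
UAC_BASELINE = {
    "EnableLUA": (1, "UAC off: every process of an admin user gets the full admin token"),
    "ConsentPromptBehaviorAdmin": (2, "admins elevate silently, no consent prompt"),
    "ConsentPromptBehaviorUser": (1, "standard users are denied elevation instead of prompted"),
    "EnableInstallerDetection": (1, "setup programs are not detected and elevated with a prompt"),
    "EnableSecureUIAPaths": (1, "UIAccess apps may run from any path, not just secure ones"),
    "PromptOnSecureDesktop": (1, "elevation prompts appear on the normal, spoofable desktop"),
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints DWORDs as:  "Name"= 0 (0x0)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<dec>-?\d+)\s*\((?P<hex>0x[0-9a-fA-F]+)\)$')


def parse_dump(text):
    """Return {key_lowercased: {value_name: int}} for the DWORD-style lines."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key").lower()
            keys.setdefault(current, {})
            continue
        vm = DWORD_RE.match(line)
        if vm and current is not None:
            dec, hexv = int(vm.group("dec")), int(vm.group("hex"), 16)
            if dec != hexv:  # both forms are printed; a mismatch means a mangled line
                raise ValueError(f"inconsistent value on line: {line}")
            keys[current][vm.group("name")] = dec
    return keys


def uac_deviations(text):
    """List (name, found, expected, consequence) for reported UAC values off the baseline."""
    values = parse_dump(text).get(UAC_KEY, {})
    out = []
    for name, (expected, consequence) in UAC_BASELINE.items():
        if name in values and values[name] != expected:
            out.append((name, values[name], expected, consequence))
    return out


def uac_disabled(text):
    """True when EnableLUA is 0: the one setting that switches UAC off entirely."""
    return parse_dump(text).get(UAC_KEY, {}).get("EnableLUA", 1) == 0


if __name__ == "__main__":
    for name, found, expected, why in uac_deviations(SAMPLE_DUMP):
        print(f"{name}: {found} (expected {expected}) -> {why}")
```

Values ComboFix does not print are treated as "not reported" rather than assumed to be at their defaults, so the script only speaks to what is in the log. EnableUIADesktopToggle is left out of the baseline because 0 is its default and its presence in the dump says nothing on its own.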

Mamu
20 November 2009, 17:03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:48, on 20-11-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/dutch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8990 bytes

Emphyrio
21 November 2009, 22:00
Hi Mamu,

In my previous instructions I asked you to remove Hitman Pro and Daemon Tools Lite.
Please carry that out as well.

http://www.minatica.be/showpost.php?p=494881&postcount=3

Go to Virus Total (http://www.virustotal.com/nl/) and upload the following file: c:\windows\System32\shsvcs.dll

Post the report.

Post a new ComboFix and HijackThis log.

Emphyrio :)

Mamu
22 November 2009, 13:39
I have removed Hitman Pro and Daemon Tools; in any case they are no longer in the Programs and Features list.
After a search of the c: drive, Daemon Tools apparently was still on it.
Apparently these are shortcuts that sit in the Start menu programs.
So those 2 programs really are no longer on it.

Mamu
22 November 2009, 14:07
ComboFix 09-11-21.03 - Gebruiker 22-11-2009 12:55.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.31.1043.18.3071.2023 [GMT 1:00]
Gestart vanuit: g:\mamu\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-10-22 to 2009-11-22 ))))))))))))))))))))))))))))))
.

2009-11-22 12:03 . 2009-11-22 12:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-22 12:03 . 2009-11-22 12:03 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-11-22 12:03 . 2009-11-22 12:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-19 19:56 . 2009-11-19 19:56 -------- d-----w- c:\program files\CCleaner
2009-11-19 14:04 . 2009-11-19 14:04 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
2009-11-19 14:04 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 14:04 . 2009-11-19 14:04 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-19 14:04 . 2009-11-19 14:04 -------- d-----w- c:\programdata\Malwarebytes
2009-11-19 14:04 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 05:16 . 2009-11-18 05:16 -------- d-----w- c:\program files\Trend Micro
2009-11-18 05:15 . 2009-11-18 05:15 12800 ----a-w- c:\windows\system32\bootdelete.exe
2009-11-18 05:10 . 2009-11-19 13:51 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-11-18 05:09 . 2009-11-18 05:15 -------- d-----w- c:\programdata\Hitman Pro
2009-11-18 05:09 . 2009-11-18 05:09 -------- d-----w- c:\program files\Hitman Pro 3.5
2009-11-16 16:00 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-16 16:00 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-07 13:06 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-11-07 13:01 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-07 11:26 . 2009-11-07 11:26 -------- d-----w- c:\users\Gebruiker\AppData\Local\IsolatedStorage
2009-11-07 11:01 . 2009-11-07 11:02 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Nokia
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\PC Suite
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\programdata\PC Suite
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\users\Gebruiker\AppData\Local\NokiaAccount
2009-11-07 10:57 . 2009-11-07 10:57 -------- d-----w- c:\users\Gebruiker\AppData\Local\Nokia
2009-11-07 10:57 . 2009-11-07 10:57 -------- d-----w- c:\programdata\NokiaMusic
2009-11-07 10:56 . 2009-11-07 10:56 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-11-07 10:56 . 2009-11-07 10:56 -------- d-----w- c:\windows\Downloaded Installations
2009-11-07 10:53 . 2009-11-07 13:11 4096 d-----w- c:\program files\Common Files\Nokia
2009-11-07 10:52 . 2009-11-07 10:52 -------- d-----w- c:\program files\DIFX
2009-11-07 10:52 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-11-07 10:52 . 2009-11-07 10:52 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-07 10:52 . 2009-11-07 10:52 12288 d-----w- c:\program files\PC Connectivity Solution
2009-11-07 10:52 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-11-07 10:52 . 2009-11-07 10:52 12212040 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-11-07 10:52 . 2009-11-07 10:52 13930312 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-11-07 10:51 . 2009-11-07 10:51 77824 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-11-07 10:51 . 2009-11-07 10:51 61440 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-11-07 10:51 . 2009-11-07 10:51 58880 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-11-07 10:51 . 2009-11-07 10:51 50000 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-11-07 10:51 . 2009-11-07 10:51 94628904 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe
2009-11-07 10:51 . 2009-11-07 10:58 4096 d-----w- c:\program files\Nokia
2009-11-07 10:51 . 2009-11-07 10:51 -------- d-----w- c:\programdata\OviInstallerCache
2009-11-05 13:28 . 2009-11-05 13:28 -------- d-----w- c:\users\Gebruiker\AppData\Local\Thunderbird
2009-11-05 13:28 . 2009-11-05 13:28 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Thunderbird
2009-11-05 13:28 . 2009-11-05 13:28 8192 d-----w- c:\program files\Mozilla Thunderbird
2009-10-29 15:29 . 2009-10-29 15:29 -------- d-----w- c:\programdata\Creative Home
2009-10-29 15:29 . 2009-10-29 15:29 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Creative Home
2009-10-29 15:11 . 2009-10-29 15:11 -------- d-----w- c:\program files\Common Files\Nova Development
2009-10-29 15:11 . 2009-10-29 15:11 -------- d-----w- c:\program files\Creative Home
2009-10-27 12:26 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-27 12:26 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-27 12:26 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-27 11:44 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 11:44 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 11:44 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 11:44 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 11:44 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 11:44 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 11:44 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 11:44 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 11:44 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 11:34 . 2008-01-21 06:39 678344 ----a-w- c:\windows\system32\perfh013.dat
2009-11-22 11:34 . 2008-01-21 06:39 130884 ----a-w- c:\windows\system32\perfc013.dat
2009-11-22 11:30 . 2009-01-24 16:25 4096 d-----w- c:\program files\Transcode360
2009-11-22 01:25 . 2009-01-24 14:45 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\GrabIt
2009-11-20 13:07 . 2009-01-24 15:11 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Vso
2009-11-19 14:52 . 2009-02-16 12:05 4096 d-----w- c:\program files\Windows Live
2009-11-10 00:57 . 2009-01-29 14:13 12288 d-----w- c:\programdata\Microsoft Help
2009-11-07 11:26 . 2009-01-24 13:53 121328 ----a-w- c:\users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0013\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0009\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0000\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 1657 ----a-w- c:\windows\inf\Nokia Music\tmp9F5F.tmp
2009-11-07 10:46 . 2009-11-07 10:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-02 19:42 . 2009-10-06 14:59 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 14:13 . 2009-03-24 11:28 -------- d-----w- c:\programdata\Media Center Programs
2009-10-21 10:42 . 2009-08-05 10:56 4096 d-----w- c:\users\Gebruiker\AppData\Roaming\Image Zone Express
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\program files\Windows Media Components
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\programdata\page
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\program files\Ashampoo
2009-10-18 13:30 . 2009-10-18 13:30 942840 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-10 18:20 . 2009-10-10 18:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HDJAsioK_01007.Wdf
2009-10-10 18:20 . 2009-10-10 18:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HDJBulk_01007.Wdf
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\Guillemot
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\Hercules
2009-10-10 18:19 . 2009-01-24 13:50 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\InstallShield
2009-10-10 04:16 . 2009-03-27 09:01 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 04:15 . 2009-03-27 09:01 12288 d-----w- c:\program files\AGEIA Technologies
2009-10-10 04:14 . 2009-01-25 12:56 -------- d-----w- c:\programdata\Codemasters
2009-10-06 15:01 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-09-04 12:24 . 2009-11-09 08:45 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 12:39 . 2009-10-06 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-10-06 14:56 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-11-09 08:45 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-11-09 08:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-11-09 08:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-11-09 08:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-25 08:56 . 2009-08-25 08:56 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-25 08:56 . 2009-08-25 08:56 139152 ----a-w- c:\users\Gebruiker\AppData\Roaming\PnkBstrK.sys
2009-08-25 08:56 . 2009-08-25 08:56 139152 ----a-w- c:\users\Gebruiker\AppData\Roaming\PnkBstrK.sys
2009-08-25 08:56 . 2009-08-25 08:56 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-25 08:55 . 2009-08-25 08:55 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-25 08:55 . 2009-08-25 08:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2008-12-21 12:02 . 2008-12-21 12:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

------- Sigcheck -------

[-] 2008-11-29 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-20_14.59.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:56 . 2009-11-22 11:32 45002 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-11-22 11:32 89432 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-24 13:42 . 2009-11-19 19:56 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-24 13:42 . 2009-11-20 16:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-24 13:42 . 2009-11-20 16:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-24 13:42 . 2009-11-19 19:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-24 13:42 . 2009-11-20 16:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-24 13:42 . 2009-11-19 19:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-24 13:54 . 2009-11-22 11:32 7316 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1928742680-3080710845-1427231912-1000_UserData.bin
- 2009-11-20 05:13 . 2009-11-20 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-22 11:30 . 2009-11-22 11:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-20 05:13 . 2009-11-20 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-22 11:30 . 2009-11-22 11:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-11-22 11:34 598210 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-20 12:54 598210 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-22 11:34 105288 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-11-20 12:54 105288 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 11:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"AshSnap"="c:\program files\Ashampoo\Ashampoo Snap 3\ashsnap.exe" [2009-08-25 1229648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Transcode360"="c:\program files\Transcode360\Transcode360Tray.exe" [2006-12-10 196608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-07-09 505128]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-10-25 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-10-07 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2008-12-21 630784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2009-10-29 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [25-4-2009 11:47 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [25-4-2009 11:47 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [25-4-2009 11:47 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26-4-2009 19:42 297752]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [8-10-2008 1:21 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [8-10-2008 1:21 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [8-10-2008 1:21 72728]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [10-10-2009 19:19 17408]
S3 Bulk;HDJBulk;c:\windows\System32\drivers\HDJBulk.sys [10-10-2009 19:19 125440]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6-3-2009 11:45 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [8-10-2008 1:21 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [8-10-2008 1:21 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [8-10-2008 1:21 72728]
S3 HDJAsioK;HDJAsioK;c:\windows\System32\drivers\HDJAsioK.sys [10-10-2009 19:19 172544]
S3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\System32\drivers\HDJMidi.sys [10-10-2009 19:19 123904]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\System32\drivers\hitmanpro35.sys [18-11-2009 6:10 11904]
S3 IAMT03;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMT03.sys [22-12-2008 11:49 40848]
S3 IAMTV;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMTV.sys [22-12-2008 11:49 38288]
S4 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\System32\drivers\cmiucr.SYS [22-12-2008 11:48 93056]
S4 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\System32\drivers\hcw99rc.sys [22-12-2008 11:49 10368]
S4 hptmv;hptmv;c:\windows\System32\drivers\hptmv.sys [22-12-2008 11:49 71968]
S4 IAMTXP;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMTXP.sys [22-12-2008 11:49 47496]
S4 ioatdma;Intel(R) QuickData Technology Device;c:\windows\System32\drivers\ioatdma.sys [22-12-2008 11:49 36480]
S4 iSSetup;Intel(R) PRO/1000 iSCSI Setup Driver;c:\windows\System32\drivers\iSSetup.sys [22-12-2008 11:49 75672]
S4 m5287;m5287;c:\windows\System32\drivers\m5287.sys [22-12-2008 11:49 104320]
S4 m5288;m5288;c:\windows\System32\drivers\m5288.sys [22-12-2008 11:49 211072]
S4 m5289;m5289;c:\windows\System32\drivers\m5289.sys [22-12-2008 11:49 52480]
S4 MODRC;WinFast TV Dongle With Infrared Receiver;c:\windows\System32\drivers\modrc.sys [22-12-2008 11:49 13056]
S4 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [22-12-2008 11:49 137728]
S4 NBv834x;Killer NIC Gaming Adapter Service;c:\windows\System32\drivers\NBv834x.sys [22-12-2008 11:49 104992]
S4 rr172x;rr172x;c:\windows\System32\drivers\rr172x.sys [22-12-2008 11:49 90400]
S4 rr2522;rr2522;c:\windows\System32\drivers\rr2522.sys [22-12-2008 11:49 112160]
S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\System32\drivers\SI3112r.sys [22-12-2008 11:49 110128]
S4 SI3114;SiI-3114 SATALink Controller;c:\windows\System32\drivers\SI3114.sys [22-12-2008 11:49 68912]
S4 SI3124;SiI-3124 SATALink Controller;c:\windows\System32\drivers\SI3124.sys [22-12-2008 11:49 76208]
S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\System32\drivers\Si3124r5.sys [22-12-2008 11:49 207152]
S4 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [22-12-2008 11:49 210736]
S4 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [22-12-2008 11:49 20632]
S4 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [22-12-2008 11:49 56984]
S4 WinTVCIUSB;Hauppauge WinTV-CI USB (11xxx);c:\windows\System32\drivers\hcw11.sys [22-12-2008 11:49 91136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/dutch/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\r3ojzkh9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 13:04
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1928742680-3080710845-1427231912-1000\Software\SecuROM\License information*]
"datasecu"=hex:80,32,5b,f9,30,bf,e7,29,5e,8b,4d,ec,d5,54,29,ec,4e,12,2c,30,5e,
d4,cd,26,a4,22,b5,ab,a5,29,89,d4,2c,43,39,5d,11,fc,a8,41,30,5b,ff,9f,64,ec,\
"rkeysecu"=hex:27,74,9e,5b,27,aa,9b,c9,ef,59,bc,24,e8,97,ca,e0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
Voltooingstijd: 2009-11-22 13:06
ComboFix-quarantined-files.txt 2009-11-22 12:06
ComboFix2.txt 2009-11-20 15:01

Pre-Run: 131.451.318.272 bytes beschikbaar
Post-Run: 131.416.973.312 bytes beschikbaar

- - End Of File - - A593769A5D5729ED4AF8514959DE129E

Mamu
22 November 2009, 14:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:15, on 22-11-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/dutch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8920 bytes

Emphyrio
23 November 2009, 03:28
Hi mamu,

You also don't have ComboFix on your desktop (as is explained in the instructions).

1. Open a Notepad file.
Copy the bold text below and paste it into the Notepad file.
Save the Notepad file as CFScript.txt

File::
c:\windows\system32\drivers\hitmanpro35.sys

Folder::
c:\programdata\Hitman Pro
c:\program files\Hitman Pro 3.5
c:\program files\DAEMON Tools Lite

Driver::
hitmanpro35

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-


Now drag the file CFScript.txt onto the file ComboFix.exe

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

ComboFix will start again.
When ComboFix is finished (this may be after a reboot), a log file opens. Post the contents of the log file.

Make a new HijackThis log and post it too.

2. Go to VirusTotal (http://www.virustotal.com/nl/) and upload the following file: c:\windows\System32\shsvcs.dll

Post the report.

Emphyrio :)

Mamu
23 November 2009, 15:51
ComboFix 09-11-22.06 - Gebruiker 23-11-2009 14:32.3.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.31.1043.18.3071.1981 [GMT 1:00]
Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Nieuw herstelpunt werd aangemaakt

FILE ::
"c:\windows\system32\drivers\hitmanpro35.sys"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Lite
c:\program files\DAEMON Tools Lite\daemon.exe
c:\program files\DAEMON Tools Lite\DTCommonRes.dll
c:\program files\DAEMON Tools Lite\DTE.exe
c:\program files\DAEMON Tools Lite\Engine.dll
c:\program files\DAEMON Tools Lite\imgengine.dll
c:\program files\DAEMON Tools Lite\Lang\ARA.dll
c:\program files\DAEMON Tools Lite\Lang\BGR.dll
c:\program files\DAEMON Tools Lite\Lang\BIH.dll
c:\program files\DAEMON Tools Lite\Lang\CAT.dll
c:\program files\DAEMON Tools Lite\Lang\CHS.dll
c:\program files\DAEMON Tools Lite\Lang\CHT.dll
c:\program files\DAEMON Tools Lite\Lang\CSY.dll
c:\program files\DAEMON Tools Lite\Lang\DAN.dll
c:\program files\DAEMON Tools Lite\Lang\DEU.dll
c:\program files\DAEMON Tools Lite\Lang\ELL.dll
c:\program files\DAEMON Tools Lite\Lang\ENU.dll
c:\program files\DAEMON Tools Lite\Lang\ESN.dll
c:\program files\DAEMON Tools Lite\Lang\FIN.dll
c:\program files\DAEMON Tools Lite\Lang\FRA.dll
c:\program files\DAEMON Tools Lite\Lang\HEB.dll
c:\program files\DAEMON Tools Lite\Lang\HRV.dll
c:\program files\DAEMON Tools Lite\Lang\HUN.dll
c:\program files\DAEMON Tools Lite\Lang\ITA.dll
c:\program files\DAEMON Tools Lite\Lang\JPN.dll
c:\program files\DAEMON Tools Lite\Lang\KAT.dll
c:\program files\DAEMON Tools Lite\Lang\KOR.dll
c:\program files\DAEMON Tools Lite\Lang\LTH.dll
c:\program files\DAEMON Tools Lite\Lang\LVI.dll
c:\program files\DAEMON Tools Lite\Lang\NLB.dll
c:\program files\DAEMON Tools Lite\Lang\NOR.dll
c:\program files\DAEMON Tools Lite\Lang\PLK.dll
c:\program files\DAEMON Tools Lite\Lang\PTB.dll
c:\program files\DAEMON Tools Lite\Lang\ROM.dll
c:\program files\DAEMON Tools Lite\Lang\RUS.dll
c:\program files\DAEMON Tools Lite\Lang\SKY.dll
c:\program files\DAEMON Tools Lite\Lang\SLV.dll
c:\program files\DAEMON Tools Lite\Lang\SRL.dll
c:\program files\DAEMON Tools Lite\Lang\SVE.dll
c:\program files\DAEMON Tools Lite\Lang\TRK.dll
c:\program files\DAEMON Tools Lite\Lang\UKR.dll
c:\program files\DAEMON Tools Lite\mfc80u.dll
c:\program files\DAEMON Tools Lite\Microsoft.VC80.ATL.manifest
c:\program files\DAEMON Tools Lite\Microsoft.VC80.CRT.manifest
c:\program files\DAEMON Tools Lite\Microsoft.VC80.MFC.manifest
c:\program files\DAEMON Tools Lite\Microsoft.VC80.MFCLOC.manifest
c:\program files\DAEMON Tools Lite\msvcp80.dll
c:\program files\DAEMON Tools Lite\msvcr80.dll
c:\program files\DAEMON Tools Lite\uninst.exe
c:\program files\Hitman Pro 3.5
c:\program files\Hitman Pro 3.5\HitmanPro35.exe
c:\programdata\Hitman Pro
c:\programdata\Hitman Pro\Banner.bin
c:\programdata\Hitman Pro\HitmanPro.key
c:\programdata\Hitman Pro\HitmanPro.lic
c:\windows\system32\drivers\hitmanpro35.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HITMANPRO35
-------\Service_hitmanpro35


(((((((((((((((((((( Bestanden Gemaakt van 2009-10-23 to 2009-11-23 ))))))))))))))))))))))))))))))
.

2009-11-23 13:40 . 2009-11-23 13:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-23 13:40 . 2009-11-23 13:40 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-11-19 19:56 . 2009-11-19 19:56 -------- d-----w- c:\program files\CCleaner
2009-11-19 14:04 . 2009-11-19 14:04 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
2009-11-19 14:04 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 14:04 . 2009-11-19 14:04 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-19 14:04 . 2009-11-19 14:04 -------- d-----w- c:\programdata\Malwarebytes
2009-11-19 14:04 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 05:16 . 2009-11-18 05:16 -------- d-----w- c:\program files\Trend Micro
2009-11-18 05:15 . 2009-11-18 05:15 12800 ----a-w- c:\windows\system32\bootdelete.exe
2009-11-16 16:00 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-16 16:00 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-07 13:06 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-11-07 13:01 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-07 11:26 . 2009-11-07 11:26 -------- d-----w- c:\users\Gebruiker\AppData\Local\IsolatedStorage
2009-11-07 11:01 . 2009-11-07 11:02 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Nokia
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\PC Suite
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\programdata\PC Suite
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\users\Gebruiker\AppData\Local\NokiaAccount
2009-11-07 10:57 . 2009-11-07 10:57 -------- d-----w- c:\users\Gebruiker\AppData\Local\Nokia
2009-11-07 10:57 . 2009-11-07 10:57 -------- d-----w- c:\programdata\NokiaMusic
2009-11-07 10:56 . 2009-11-07 10:56 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-11-07 10:56 . 2009-11-07 10:56 -------- d-----w- c:\windows\Downloaded Installations
2009-11-07 10:53 . 2009-11-07 13:11 4096 d-----w- c:\program files\Common Files\Nokia
2009-11-07 10:52 . 2009-11-07 10:52 -------- d-----w- c:\program files\DIFX
2009-11-07 10:52 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-11-07 10:52 . 2009-11-07 10:52 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-07 10:52 . 2009-11-07 10:52 12288 d-----w- c:\program files\PC Connectivity Solution
2009-11-07 10:52 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-11-07 10:52 . 2009-11-07 10:52 12212040 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-11-07 10:52 . 2009-11-07 10:52 13930312 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-11-07 10:51 . 2009-11-07 10:51 77824 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-11-07 10:51 . 2009-11-07 10:51 61440 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-11-07 10:51 . 2009-11-07 10:51 58880 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-11-07 10:51 . 2009-11-07 10:51 50000 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-11-07 10:51 . 2009-11-07 10:51 94628904 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe
2009-11-07 10:51 . 2009-11-07 10:58 4096 d-----w- c:\program files\Nokia
2009-11-07 10:51 . 2009-11-07 10:51 -------- d-----w- c:\programdata\OviInstallerCache
2009-11-05 13:28 . 2009-11-05 13:28 -------- d-----w- c:\users\Gebruiker\AppData\Local\Thunderbird
2009-11-05 13:28 . 2009-11-05 13:28 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Thunderbird
2009-11-05 13:28 . 2009-11-05 13:28 8192 d-----w- c:\program files\Mozilla Thunderbird
2009-10-29 15:29 . 2009-10-29 15:29 -------- d-----w- c:\programdata\Creative Home
2009-10-29 15:29 . 2009-10-29 15:29 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Creative Home
2009-10-29 15:11 . 2009-10-29 15:11 -------- d-----w- c:\program files\Common Files\Nova Development
2009-10-29 15:11 . 2009-10-29 15:11 -------- d-----w- c:\program files\Creative Home
2009-10-27 12:26 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-27 12:26 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-27 12:26 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-27 11:44 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 11:44 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 11:44 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 11:44 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 11:44 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 11:44 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 11:44 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 11:44 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 11:44 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 13:48 . 2008-01-21 06:39 678344 ----a-w- c:\windows\system32\perfh013.dat
2009-11-23 13:48 . 2008-01-21 06:39 130884 ----a-w- c:\windows\system32\perfc013.dat
2009-11-23 13:41 . 2009-01-24 16:25 4096 d-----w- c:\program files\Transcode360
2009-11-22 13:02 . 2009-01-24 14:45 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\GrabIt
2009-11-20 13:07 . 2009-01-24 15:11 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Vso
2009-11-19 14:52 . 2009-02-16 12:05 4096 d-----w- c:\program files\Windows Live
2009-11-10 00:57 . 2009-01-29 14:13 12288 d-----w- c:\programdata\Microsoft Help
2009-11-07 11:26 . 2009-01-24 13:53 121328 ----a-w- c:\users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0013\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0009\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0000\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 1657 ----a-w- c:\windows\inf\Nokia Music\tmp9F5F.tmp
2009-11-07 10:46 . 2009-11-07 10:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-02 19:42 . 2009-10-06 14:59 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 14:13 . 2009-03-24 11:28 -------- d-----w- c:\programdata\Media Center Programs
2009-10-21 10:42 . 2009-08-05 10:56 4096 d-----w- c:\users\Gebruiker\AppData\Roaming\Image Zone Express
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\program files\Windows Media Components
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\programdata\page
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\program files\Ashampoo
2009-10-18 13:30 . 2009-10-18 13:30 942840 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-10 18:20 . 2009-10-10 18:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HDJAsioK_01007.Wdf
2009-10-10 18:20 . 2009-10-10 18:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HDJBulk_01007.Wdf
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\Guillemot
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\Hercules
2009-10-10 18:19 . 2009-01-24 13:50 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\InstallShield
2009-10-10 04:16 . 2009-03-27 09:01 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 04:15 . 2009-03-27 09:01 12288 d-----w- c:\program files\AGEIA Technologies
2009-10-10 04:14 . 2009-01-25 12:56 -------- d-----w- c:\programdata\Codemasters
2009-10-06 15:01 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-09-04 12:24 . 2009-11-09 08:45 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 12:39 . 2009-10-06 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-10-06 14:56 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-11-09 08:45 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-11-09 08:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-11-09 08:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-11-09 08:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-12-21 12:02 . 2008-12-21 12:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

------- Sigcheck -------

[-] 2008-11-29 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-20_14.59.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:56 . 2009-11-23 13:12 45018 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-11-23 13:45 89448 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-24 13:42 . 2009-11-19 19:56 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-24 13:42 . 2009-11-20 16:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-24 13:42 . 2009-11-19 19:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-24 13:42 . 2009-11-20 16:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-24 13:42 . 2009-11-19 19:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-24 13:42 . 2009-11-20 16:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-24 13:54 . 2009-11-23 13:45 7740 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1928742680-3080710845-1427231912-1000_UserData.bin
- 2009-11-20 05:13 . 2009-11-20 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-23 13:41 . 2009-11-23 13:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-20 05:13 . 2009-11-20 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-23 13:41 . 2009-11-23 13:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-11-23 13:48 598210 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-20 12:54 598210 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-23 13:48 105288 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-11-20 12:54 105288 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 11:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AshSnap"="c:\program files\Ashampoo\Ashampoo Snap 3\ashsnap.exe" [2009-08-25 1229648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Transcode360"="c:\program files\Transcode360\Transcode360Tray.exe" [2006-12-10 196608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-07-09 505128]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-10-25 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-10-07 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2008-12-21 630784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2009-10-29 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [25-4-2009 11:47 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [25-4-2009 11:47 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [25-4-2009 11:47 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26-4-2009 19:42 297752]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [8-10-2008 1:21 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [8-10-2008 1:21 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [8-10-2008 1:21 72728]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [10-10-2009 19:19 17408]
S3 Bulk;HDJBulk;c:\windows\System32\drivers\HDJBulk.sys [10-10-2009 19:19 125440]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6-3-2009 11:45 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [8-10-2008 1:21 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [8-10-2008 1:21 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [8-10-2008 1:21 72728]
S3 HDJAsioK;HDJAsioK;c:\windows\System32\drivers\HDJAsioK.sys [10-10-2009 19:19 172544]
S3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\System32\drivers\HDJMidi.sys [10-10-2009 19:19 123904]
S3 IAMT03;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMT03.sys [22-12-2008 11:49 40848]
S3 IAMTV;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMTV.sys [22-12-2008 11:49 38288]
S4 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\System32\drivers\cmiucr.SYS [22-12-2008 11:48 93056]
S4 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\System32\drivers\hcw99rc.sys [22-12-2008 11:49 10368]
S4 hptmv;hptmv;c:\windows\System32\drivers\hptmv.sys [22-12-2008 11:49 71968]
S4 IAMTXP;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMTXP.sys [22-12-2008 11:49 47496]
S4 ioatdma;Intel(R) QuickData Technology Device;c:\windows\System32\drivers\ioatdma.sys [22-12-2008 11:49 36480]
S4 iSSetup;Intel(R) PRO/1000 iSCSI Setup Driver;c:\windows\System32\drivers\iSSetup.sys [22-12-2008 11:49 75672]
S4 m5287;m5287;c:\windows\System32\drivers\m5287.sys [22-12-2008 11:49 104320]
S4 m5288;m5288;c:\windows\System32\drivers\m5288.sys [22-12-2008 11:49 211072]
S4 m5289;m5289;c:\windows\System32\drivers\m5289.sys [22-12-2008 11:49 52480]
S4 MODRC;WinFast TV Dongle With Infrared Receiver;c:\windows\System32\drivers\modrc.sys [22-12-2008 11:49 13056]
S4 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [22-12-2008 11:49 137728]
S4 NBv834x;Killer NIC Gaming Adapter Service;c:\windows\System32\drivers\NBv834x.sys [22-12-2008 11:49 104992]
S4 rr172x;rr172x;c:\windows\System32\drivers\rr172x.sys [22-12-2008 11:49 90400]
S4 rr2522;rr2522;c:\windows\System32\drivers\rr2522.sys [22-12-2008 11:49 112160]
S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\System32\drivers\SI3112r.sys [22-12-2008 11:49 110128]
S4 SI3114;SiI-3114 SATALink Controller;c:\windows\System32\drivers\SI3114.sys [22-12-2008 11:49 68912]
S4 SI3124;SiI-3124 SATALink Controller;c:\windows\System32\drivers\SI3124.sys [22-12-2008 11:49 76208]
S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\System32\drivers\Si3124r5.sys [22-12-2008 11:49 207152]
S4 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [22-12-2008 11:49 210736]
S4 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [22-12-2008 11:49 20632]
S4 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [22-12-2008 11:49 56984]
S4 WinTVCIUSB;Hauppauge WinTV-CI USB (11xxx);c:\windows\System32\drivers\hcw11.sys [22-12-2008 11:49 91136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/dutch/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\r3ojzkh9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 14:44
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1928742680-3080710845-1427231912-1000\Software\SecuROM\License information*]
"datasecu"=hex:80,32,5b,f9,30,bf,e7,29,5e,8b,4d,ec,d5,54,29,ec,4e,12,2c,30,5e,
d4,cd,26,a4,22,b5,ab,a5,29,89,d4,2c,43,39,5d,11,fc,a8,41,30,5b,ff,9f,64,ec,\
"rkeysecu"=hex:27,74,9e,5b,27,aa,9b,c9,ef,59,bc,24,e8,97,ca,e0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="37ED334B245CBF39D5C250068B906224EE05AE34F7DFB9A89A 31E94B4416E17E9AE58DF6F11288B760BEF6817E535119A689 FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFE BC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0 AC4980AC79335D575E7D6A3B98088EDD5E5BE2F6E6678EDD5E 5BE2F6E667D00C8595217105790DB99D1CA04942036CDFB140 1624E371808B571F2812161736C9F1F0794BE14E35090A9587 FDBFA9C9532B6A27E64673E74FDD720943E300399321534D86 A74CB8CD05172FEC216FE53847493755425CFD5A08DE04EEE1 EF4F9E8DEE21B241D211BA93B7EB342A2BDCDEB27C8A3A9418 9FBBCC2871AE6789B45A93CD7ED7BCDAFB3A9C6698E6C0C789 CCFB74EBD51C26EAB602E42D8EEA816A62F4C9706E4AED77E6 67E2128C714491BC1778AADADD1D42C1667E95908B20358C58 9309E4C0A9CC122442BA2069B5D71BDB2119F280A24E061935 0F2988C49B5FC4AEDB1E1BC082BFE46D778F7D41898984DC8E BA51F4F8649E9C82C1485FE916A87382EEF4F9E62AA1A03340 23A3135E306D65BF3E63726DDF18D836D275B222D60D98A113 AE0ABB32ED5A86F5AB2621E3E87B085DD2ACE7276605D8D420 C725827BBF75594E4116D538DE2F34BC3A1286B8B48BE43A60 CE2814786E208D41F645139C1BD1D9A78DB0393777404E09A0 E29976B432A787D07604AA30A87D7C241FFAD6B82BE7172B46 FD5B15A2EA9073A81EACE4443AE15088EC984B87C6186BEE2F 1BE8B623342A8366CA2D86B113E36C2DC4EF3F267264BBDA41 DFF9D1FABFF97E9CB8EA4AE17C3629055BB858177E23FE329E 6AB37F55D02B2803E09B4A4AEB0F0C2CE02FC94610CC12AE2D A2E486A9A2EBABB2409525EB1254BDC0B573655056A5B65737 D8DEA62FF9A97A6E8D703F78EB47A73B82839694548EC34627 A0982024C42F5D415476014B435D2A61660837B0957CA9DA58 3B0EB3E4B40558BE1B0EC7B26FB1F666DC4697E73258F6440A 693DAF0AA2F4BD2C2E892685C14039101356D34152340A9CD9 F3F47C91289D32E998A0CB526C021C776B2C4CDADABA16F519 EB7279F4685B667A3EE40092374EED4CE8617A9E28A440F443 BF47E7A2AD53DA3776707BDC246D480BB4649A0A13F968FA10 6E326541B247AB3F8EEA05BC1B6CE361144C7766C300165A8F E44417E6FEC0BD178A27D3CF069CC9D02EA78C912512EC57B0 FD7213468D6AEBDAC6D663A61678EFD5091FE7D63D053D3B87 4B4CDA5979C135E8FED545169A72ABA82FF0F8C9ED0A805FCC A267AA3899E3D4883A6AC386EBACE3285E2BC44633C93266E5 
1721F308C0AF687A66F6D23F3C713A9836CD3A852ACF6AD1A8 A76B506A60A2EAA05481A48B35E2BF87A5E41C9CF5BB7CA06B DF4F09422AA8F33A2E8387656F7FBF8D31A99B5E10138332"
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Voltooingstijd: 2009-11-23 14:50 - machine werd herstart
ComboFix-quarantined-files.txt 2009-11-23 13:50
ComboFix2.txt 2009-11-22 12:06
ComboFix3.txt 2009-11-20 15:01

Pre-Run: 130.626.719.744 bytes beschikbaar
Post-Run: 130.363.293.696 bytes beschikbaar

- - End Of File - - BEA315D4B1A58BAE8BBB675ACA31F05F

Mamu
23 November 2009, 15:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:38, on 23-11-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/dutch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8830 bytes

Mamu
23 November 2009, 15:56
Antivirus           Version           Last updated   Result
a-squared           4.5.0.41          2009.11.22     -
AhnLab-V3           5.0.0.2           2009.11.20     -
AntiVir             7.9.1.72          2009.11.20     -
Antiy-AVL           2.0.3.7           2009.11.20     -
Authentium          5.2.0.5           2009.11.21     -
Avast               4.8.1351.0        2009.11.22     -
AVG                 8.5.0.425         2009.11.22     -
BitDefender         7.2               2009.11.22     -
CAT-QuickHeal       10.00             2009.11.21     -
ClamAV              0.94.1            2009.11.22     -
Comodo              2996              2009.11.22     -
DrWeb               5.0.0.12182       2009.11.22     -
eSafe               7.0.17.0          2009.11.19     -
eTrust-Vet          35.1.7133         2009.11.20     -
F-Prot              4.5.1.85          2009.11.21     -
F-Secure            9.0.15370.0       2009.11.20     -
Fortinet            3.120.0.0         2009.11.22     -
GData               19                2009.11.22     -
Ikarus              T3.1.1.74.0       2009.11.22     -
Jiangmin            11.0.800          2009.11.22     -
K7AntiVirus         7.10.901          2009.11.20     -
Kaspersky           7.0.0.125         2009.11.22     -
McAfee              5809              2009.11.21     -
McAfee+Artemis      5809              2009.11.21     -
McAfee-GW-Edition   6.8.5             2009.11.21     -
Microsoft           1.5302            2009.11.22     -
NOD32               4627              2009.11.21     -
Norman              6.03.02           2009.11.21     -
nProtect            2009.1.8.0        2009.11.22     -
Panda               10.0.2.2          2009.11.21     -
PCTools             7.0.3.5           2009.11.21     -
Prevx               3.0               2009.11.22     -
Rising              22.22.06.04       2009.11.22     -
Sophos              4.47.0            2009.11.22     -
Sunbelt             3.2.1858.2        2009.11.21     -
Symantec            1.4.4.12          2009.11.22     -
TheHacker           6.5.0.2.075       2009.11.20     -
TrendMicro          9.0.0.1003        2009.11.22     -
VBA32               3.12.12.0         2009.11.22     -
ViRobot             2009.11.20.2047   2009.11.20     -
VirusBuster         5.0.21.0          2009.11.21     -

Additional information
File size: 247296 bytes
MD5 : 2406e3a5fae743dce81168a8cdb8573f
SHA1 : b625d3970a39cc25553c2156c3d7f68323c91c33
SHA256: 8cac875d2b984f67cbb20e1a08892ef2583906bd9e38cca35b6c9d21e8fc27eb
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6C60F520
timedatestamp.....: 0x4791A761 (Sat Jan 19 08:31:45 2008)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1DFD3 0x1E000 6.43 8358e6ee6ac67519ef4c60597299e85d
.data 0x1F000 0xCC8 0xE00 1.00 8c93b338a52da5bbfdb0cd4044437b1d
.rsrc 0x20000 0x1BD68 0x1BE00 3.84 09abc7989cf9dd7533b80deafc1ecf45
.reloc 0x3C000 0x15D8 0x1600 6.74 4e8bf4ed0aa819280d60e32b825046ea

( 0 imports )


( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 6144:UDdC5mfoLV/MM6RKAscznjHQmjLskRgq2:Uo5mALtMVCb
PEiD : -
RDS : NSRL Reference Data Set
-

Emphyrio
24 November 2009, 00:50
Hi Mamu,

Open a Notepad file.
Copy the bold text below and paste it into the Notepad file.
Save the Notepad file as CFScript.txt

REGNULL::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]


Now drag the file CFScript.txt onto the file ComboFix.exe

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

ComboFix will start again.
When ComboFix is finished, which may be after a reboot, a logfile opens. Post the contents of that logfile.

Make a new HijackThis log and post it as well.

Emphyro :)

Mamu
24 November 2009, 16:16
Hi,

Thanks already for all the effort you're putting in. I just wanted to give a quick update.
When I extract files with WinRAR, or read my email, or copy files from an external HD to another external HD, there are no problems.
But as soon as I start working from my internal HDs, the PC becomes extremely slow. Then the CPU shows 100%. Just opening folders on an internal drive is enough to start the misery. Never on an external drive!

Mamu
24 November 2009, 16:57
ComboFix 09-11-23.04 - Gebruiker 24-11-2009 15:21.4.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.31.1043.18.3071.1967 [GMT 1:00]
Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-10-24 to 2009-11-24 ))))))))))))))))))))))))))))))
.

2009-11-24 14:28 . 2009-11-24 14:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-24 14:28 . 2009-11-24 14:28 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-11-24 14:28 . 2009-11-24 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-24 14:17 . 2009-11-24 14:17 1010936 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-19 19:56 . 2009-11-19 19:56 -------- d-----w- c:\program files\CCleaner
2009-11-19 14:04 . 2009-11-19 14:04 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
2009-11-19 14:04 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 14:04 . 2009-11-19 14:04 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-19 14:04 . 2009-11-19 14:04 -------- d-----w- c:\programdata\Malwarebytes
2009-11-19 14:04 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 05:16 . 2009-11-18 05:16 -------- d-----w- c:\program files\Trend Micro
2009-11-18 05:15 . 2009-11-18 05:15 12800 ----a-w- c:\windows\system32\bootdelete.exe
2009-11-16 16:00 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-16 16:00 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-07 13:06 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-11-07 13:01 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-07 11:26 . 2009-11-07 11:26 -------- d-----w- c:\users\Gebruiker\AppData\Local\IsolatedStorage
2009-11-07 11:01 . 2009-11-07 11:02 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Nokia
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\PC Suite
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\programdata\PC Suite
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\users\Gebruiker\AppData\Local\NokiaAccount
2009-11-07 10:57 . 2009-11-07 10:57 -------- d-----w- c:\users\Gebruiker\AppData\Local\Nokia
2009-11-07 10:57 . 2009-11-07 10:57 -------- d-----w- c:\programdata\NokiaMusic
2009-11-07 10:56 . 2009-11-07 10:56 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-11-07 10:56 . 2009-11-07 10:56 -------- d-----w- c:\windows\Downloaded Installations
2009-11-07 10:53 . 2009-11-07 13:11 4096 d-----w- c:\program files\Common Files\Nokia
2009-11-07 10:52 . 2009-11-07 10:52 -------- d-----w- c:\program files\DIFX
2009-11-07 10:52 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-11-07 10:52 . 2009-11-07 10:52 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-07 10:52 . 2009-11-07 10:52 12288 d-----w- c:\program files\PC Connectivity Solution
2009-11-07 10:52 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-11-07 10:52 . 2009-11-07 10:52 12212040 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-11-07 10:52 . 2009-11-07 10:52 13930312 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-11-07 10:51 . 2009-11-07 10:51 77824 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-11-07 10:51 . 2009-11-07 10:51 61440 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-11-07 10:51 . 2009-11-07 10:51 58880 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-11-07 10:51 . 2009-11-07 10:51 50000 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-11-07 10:51 . 2009-11-07 10:51 94628904 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe
2009-11-07 10:51 . 2009-11-07 10:58 4096 d-----w- c:\program files\Nokia
2009-11-07 10:51 . 2009-11-07 10:51 -------- d-----w- c:\programdata\OviInstallerCache
2009-11-05 13:28 . 2009-11-05 13:28 -------- d-----w- c:\users\Gebruiker\AppData\Local\Thunderbird
2009-11-05 13:28 . 2009-11-05 13:28 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Thunderbird
2009-11-05 13:28 . 2009-11-05 13:28 8192 d-----w- c:\program files\Mozilla Thunderbird
2009-10-29 15:29 . 2009-10-29 15:29 -------- d-----w- c:\programdata\Creative Home
2009-10-29 15:29 . 2009-10-29 15:29 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Creative Home
2009-10-29 15:11 . 2009-10-29 15:11 -------- d-----w- c:\program files\Common Files\Nova Development
2009-10-29 15:11 . 2009-10-29 15:11 -------- d-----w- c:\program files\Creative Home
2009-10-27 12:26 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-27 12:26 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-27 12:26 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-27 11:44 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 11:44 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 11:44 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 11:44 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 11:44 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 11:44 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 11:44 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 11:44 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 11:44 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 14:10 . 2008-01-21 06:39 678344 ----a-w- c:\windows\system32\perfh013.dat
2009-11-24 14:10 . 2008-01-21 06:39 130884 ----a-w- c:\windows\system32\perfc013.dat
2009-11-24 14:04 . 2009-01-24 16:25 4096 d-----w- c:\program files\Transcode360
2009-11-22 13:02 . 2009-01-24 14:45 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\GrabIt
2009-11-20 13:07 . 2009-01-24 15:11 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Vso
2009-11-19 14:52 . 2009-02-16 12:05 4096 d-----w- c:\program files\Windows Live
2009-11-10 00:57 . 2009-01-29 14:13 12288 d-----w- c:\programdata\Microsoft Help
2009-11-07 11:26 . 2009-01-24 13:53 121328 ----a-w- c:\users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0013\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0009\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0000\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 1657 ----a-w- c:\windows\inf\Nokia Music\tmp9F5F.tmp
2009-11-07 10:46 . 2009-11-07 10:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-02 19:42 . 2009-10-06 14:59 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 14:13 . 2009-03-24 11:28 -------- d-----w- c:\programdata\Media Center Programs
2009-10-21 10:42 . 2009-08-05 10:56 4096 d-----w- c:\users\Gebruiker\AppData\Roaming\Image Zone Express
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\program files\Windows Media Components
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\programdata\page
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\program files\Ashampoo
2009-10-10 18:20 . 2009-10-10 18:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HDJAsioK_01007.Wdf
2009-10-10 18:20 . 2009-10-10 18:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HDJBulk_01007.Wdf
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\Guillemot
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\Hercules
2009-10-10 18:19 . 2009-01-24 13:50 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\InstallShield
2009-10-10 04:16 . 2009-03-27 09:01 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 04:15 . 2009-03-27 09:01 12288 d-----w- c:\program files\AGEIA Technologies
2009-10-10 04:14 . 2009-01-25 12:56 -------- d-----w- c:\programdata\Codemasters
2009-10-06 15:01 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-09-04 12:24 . 2009-11-09 08:45 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 12:39 . 2009-10-06 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-10-06 14:56 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-11-09 08:45 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-11-09 08:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-11-09 08:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-11-09 08:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-12-21 12:02 . 2008-12-21 12:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

------- Sigcheck -------

[-] 2008-11-29 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-20_14.59.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:56 . 2009-11-24 14:06 45034 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-11-24 14:06 89448 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-24 13:42 . 2009-11-19 19:56 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-24 13:42 . 2009-11-20 16:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-24 13:42 . 2009-11-19 19:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-24 13:42 . 2009-11-20 16:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-24 13:42 . 2009-11-19 19:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-24 13:42 . 2009-11-20 16:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-24 13:54 . 2009-11-24 14:06 7780 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1928742680-3080710845-1427231912-1000_UserData.bin
- 2009-11-20 05:13 . 2009-11-20 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-24 14:04 . 2009-11-24 14:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-20 05:13 . 2009-11-20 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-24 14:04 . 2009-11-24 14:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-11-24 14:10 598210 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-20 12:54 598210 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-24 14:10 105288 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-11-20 12:54 105288 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 11:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AshSnap"="c:\program files\Ashampoo\Ashampoo Snap 3\ashsnap.exe" [2009-08-25 1229648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Transcode360"="c:\program files\Transcode360\Transcode360Tray.exe" [2006-12-10 196608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-07-09 505128]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-10-25 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-10-07 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2008-12-21 630784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2009-10-29 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [25-4-2009 11:47 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [25-4-2009 11:47 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [25-4-2009 11:47 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26-4-2009 19:42 297752]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [8-10-2008 1:21 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [8-10-2008 1:21 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [8-10-2008 1:21 72728]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [10-10-2009 19:19 17408]
S3 Bulk;HDJBulk;c:\windows\System32\drivers\HDJBulk.sys [10-10-2009 19:19 125440]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6-3-2009 11:45 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [8-10-2008 1:21 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [8-10-2008 1:21 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [8-10-2008 1:21 72728]
S3 HDJAsioK;HDJAsioK;c:\windows\System32\drivers\HDJAsioK.sys [10-10-2009 19:19 172544]
S3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\System32\drivers\HDJMidi.sys [10-10-2009 19:19 123904]
S3 IAMT03;Driver for Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMT03.sys [22-12-2008 11:49 40848]
S3 IAMTV;Driver for Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMTV.sys [22-12-2008 11:49 38288]
S4 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\System32\drivers\cmiucr.SYS [22-12-2008 11:48 93056]
S4 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\System32\drivers\hcw99rc.sys [22-12-2008 11:49 10368]
S4 hptmv;hptmv;c:\windows\System32\drivers\hptmv.sys [22-12-2008 11:49 71968]
S4 IAMTXP;Driver for Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMTXP.sys [22-12-2008 11:49 47496]
S4 ioatdma;Intel(R) QuickData Technology Device;c:\windows\System32\drivers\ioatdma.sys [22-12-2008 11:49 36480]
S4 iSSetup;Intel(R) PRO/1000 iSCSI Setup Driver;c:\windows\System32\drivers\iSSetup.sys [22-12-2008 11:49 75672]
S4 m5287;m5287;c:\windows\System32\drivers\m5287.sys [22-12-2008 11:49 104320]
S4 m5288;m5288;c:\windows\System32\drivers\m5288.sys [22-12-2008 11:49 211072]
S4 m5289;m5289;c:\windows\System32\drivers\m5289.sys [22-12-2008 11:49 52480]
S4 MODRC;WinFast TV Dongle With Infrared Receiver;c:\windows\System32\drivers\modrc.sys [22-12-2008 11:49 13056]
S4 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [22-12-2008 11:49 137728]
S4 NBv834x;Killer NIC Gaming Adapter Service;c:\windows\System32\drivers\NBv834x.sys [22-12-2008 11:49 104992]
S4 rr172x;rr172x;c:\windows\System32\drivers\rr172x.sys [22-12-2008 11:49 90400]
S4 rr2522;rr2522;c:\windows\System32\drivers\rr2522.sys [22-12-2008 11:49 112160]
S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\System32\drivers\SI3112r.sys [22-12-2008 11:49 110128]
S4 SI3114;SiI-3114 SATALink Controller;c:\windows\System32\drivers\SI3114.sys [22-12-2008 11:49 68912]
S4 SI3124;SiI-3124 SATALink Controller;c:\windows\System32\drivers\SI3124.sys [22-12-2008 11:49 76208]
S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\System32\drivers\Si3124r5.sys [22-12-2008 11:49 207152]
S4 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [22-12-2008 11:49 210736]
S4 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [22-12-2008 11:49 20632]
S4 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [22-12-2008 11:49 56984]
S4 WinTVCIUSB;Hauppauge WinTV-CI USB (11xxx);c:\windows\System32\drivers\hcw11.sys [22-12-2008 11:49 91136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Additional Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/dutch/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\r3ojzkh9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE UninstallGUI



************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 15:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning for hidden processes ...

scanning for hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning for hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1928742680-3080710845-1427231912-1000\Software\SecuROM\License information*]
"datasecu"=hex:80,32,5b,f9,30,bf,e7,29,5e,8b,4d,ec,d5,54,29,ec,4e,12,2c,30,5e,
d4,cd,26,a4,22,b5,ab,a5,29,89,d4,2c,43,39,5d,11,fc,a8,41,30,5b,ff,9f,64,ec,\
"rkeysecu"=hex:27,74,9e,5b,27,aa,9b,c9,ef,59,bc,24,e8,97,ca,e0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="37ED334B245CBF39D5C250068B906224EE05AE34F7DFB9A89A31E94B4416E17E9AE58DF6F11288B760BEF6817E535119A689FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98088EDD5E5BE2F6E6678EDD5E5BE2F6E667D00C8595217105790DB99D1CA04942036CDFB1401624E371808B571F2812161736C9F1F0794BE14E35090A9587FDBFA9C9532B6A27E64673E74FDD720943E300399321534D86A74CB8CD05172FEC216FE53847493755425CFD5A08DE04EEE1EF4F9E8DEE21B241D211BA93B7EB342A2BDCDEB27C8A3A94189FBBCC2871AE6789B45A93CD7ED7BCDAFB3A9C6698E6C0C789CCFB74EBD51C26EAB602E42D8EEA816A62F4C9706E4AED77E667E2128C714491BC1778AADADD1D42C1667E95908B20358C589309E4C0A9CC122442BA2069B5D71BDB2119F280A24E0619350F2988C49B5FC4AEDB1E1BC082BFE46D778F7D41898984DC8EBA51F4F8649E9C82C1485FE916A87382EEF4F9E62AA1A0334023A3135E306D65BF3E63726DDF18D836D275B222D60D98A113AE0ABB32ED5A86F5AB2621E3E87B085DD2ACE7276605D8D420C725827BBF75594E4116D538DE2F34BC3A1286B8B48BE43A60CE2814786E208D41F645139C1BD1D9A78DB0393777404E09A0E29976B432A787D07604AA30A87D7C241FFAD6B82BE7172B46FD5B15A2EA9073A81EACE4443AE15088EC984B87C6186BEE2F1BE8B623342A8366CA2D86B113E36C2DC4EF3F267264BBDA41DFF9D1FABFF97E9CB8EA4AE17C3629055BB858177E23FE329E6AB37F55D02B2803E09B4A4AEB0F0C2CE02FC94610CC12AE2DA2E486A9A2EBABB2409525EB1254BDC0B573655056A5B65737D8DEA62FF9A97A6E8D703F78EB47A73B82839694548EC34627A0982024C42F5D415476014B435D2A61660837B0957CA9DA583B0EB3E4B40558BE1B0EC7B26FB1F666DC4697E73258F6440A693DAF0AA2F4BD2C2E892685C14039101356D34152340A9CD9F3F47C91289D32E998A0CB526C021C776B2C4CDADABA16F519EB7279F4685B667A3EE40092374EED4CE8617A9E28A440F443BF47E7A2AD53DA3776707BDC246D480BB4649A0A13F968FA106E326541B247AB3F8EEA05BC1B6CE361144C7766C300165A8FE44417E6FEC0BD178A27D3CF069CC9D02EA78C912512EC57B0FD7213468D6AEBDAC6D663A61678EFD5091FE7D63D053D3B874B4CDA5979C135E8FED545169A72ABA82FF0F8C9ED0A805FCCA267AA3899E3D4883A6AC386EBACE3285E2BC44633C93266E51721F308C0AF687A66F6D23F3C713A9836CD3A852ACF6AD1A8A76B506A60A2EAA05481A48B35E2BF87A5E41C9CF5BB7CA06BDF4F09422AA8F33A2E8387656F7FBF8D31A99B5E10138332"
.
Completion time: 2009-11-24 15:30
ComboFix-quarantined-files.txt 2009-11-24 14:30
ComboFix2.txt 2009-11-23 13:50
ComboFix3.txt 2009-11-22 12:06
ComboFix4.txt 2009-11-20 15:01

Pre-Run: 123.731.140.608 bytes free
Post-Run: 130.375.544.832 bytes free

- - End Of File - - E5EFFC9203A4B0FF9C0A090DF9DDDD75

Mamu
24 November 2009, 16:58
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:47, on 24-11-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/dutch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8830 bytes
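
The HijackThis log above is read by hand in this thread; as an added example, not part of the thread and not code from HijackThis or ComboFix, here is a small Python triage script that turns O4/O9/O23 lines into a list of things a helper would look at first: Run values that name an executable by bare file name, so Windows has to find it through its search path (catchme marked the same kind of entry with a `?` in the ComboFix log above), `(file missing)` targets, Startup-folder shortcuts whose target is `= ?`, services whose binary carries no company information (`Unknown owner`), and one Run value name registered in several hives (SkinClock appears under HKLM, HKCU, .DEFAULT and S-1-5-18 in the log). The sample lines are constructed in the shape of the posted log, and the regular expressions and triage rules are my own assumptions about the HijackThis line format, not anything the tool documents.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample, shaped like the HijackThis log posted above (not a complete log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKUS\S-1-5-18\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEM')
O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user')
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Assumed line shapes, derived from the posted log rather than from any HijackThis spec.
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<where>.*Startup): (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")


@dataclass
class Finding:
    line: str
    reason: str


def first_token(cmd: str) -> str:
    """Return the executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_unqualified(path: str) -> bool:
    """True when the name carries no directory, so Windows resolves it by search."""
    return "\\" not in path and ":" not in path and not path.startswith("%")


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    hives_by_name: Dict[str, Set[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "(file missing)" in line:
            findings.append(Finding(line, "target file missing"))
        m = RUN_RE.match(line)
        if m:
            name, cmd = m["name"], USER_SUFFIX_RE.sub("", m["cmd"])
            hives_by_name.setdefault(name, set()).add(m["hive"])
            exe = first_token(cmd)
            if exe.lower().startswith("rundll32"):
                # rundll32 itself is normally unqualified; what matters is the DLL it loads.
                dll = cmd.split(None, 1)[1].split(",", 1)[0] if " " in cmd else ""
                if is_unqualified(dll):
                    findings.append(Finding(line, "rundll32 DLL argument is not an absolute path"))
            elif is_unqualified(exe):
                findings.append(Finding(line, "executable resolved by search path, not an absolute path"))
            continue
        m = STARTUP_RE.match(line)
        if m:
            cmd = USER_SUFFIX_RE.sub("", m["cmd"])
            if cmd.endswith("= ?"):
                findings.append(Finding(line, "shortcut target could not be resolved"))
            elif ".lnk" not in cmd and is_unqualified(first_token(cmd)):
                findings.append(Finding(line, "bare executable name in a Startup folder entry"))
            continue
        m = SERVICE_RE.match(line)
        if m and m["owner"] == "Unknown owner":
            findings.append(Finding(line, "service binary has no company/version info; verify its signature"))
    # The same value name registered in several hives runs once per matching logon context.
    for name, hives in hives_by_name.items():
        if len(hives) > 1:
            findings.append(Finding(name, f"same Run value registered in {len(hives)} hives: {sorted(hives)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:60} {f.line}")
```

Run against the sample it reports six findings: the bare `CTHELPER.EXE` Run value, `RUN.EXE` in the Default user's Startup folder, the unresolved Event Planner shortcut, the MS-KB button with its file missing, the PnkBstrA service with no owner, and SkinClock registered in three hives. A finding is a place to start (check the path that actually resolves, the file's signature and version information), not a verdict that the entry is malicious.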

Emphyrio
24 November 2009, 18:18
Hi mamu,

Always run all tools as Administrator.

First:

Save the attached CFScript.txt to your desktop.

Now drag the file CFScript.txt onto the file ComboFix.exe

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

ComboFix will start again.
When ComboFix is finished, which may be after a restart, a log file opens. Post the contents of the log file.

Then:

Go to http://www.gmer.net/#files and click on "Download EXE".

Extract the files to the desktop.

Note: close all open programs/windows!

Open GMER and click on the Rootkit/Malware tab.
Make sure all the boxes on the right-hand side are checked, except "Show all".
http://www.emphyrio.be/images/gmerchoice.gif

Click on Scan (1).
http://www.emphyrio.be/images/gmerselect.gif

When the scan is finished, click on Copy

Open Notepad and select Paste. Put the results in your next post.

Create a new HijackThis log and post that as well.

Emphyrio :)

Mamu
25 November 2009, 15:23
ComboFix 09-11-23.04 - Gebruiker 25-11-2009 14:13.5.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.31.1043.18.3071.1931 [GMT 1:00]
Started from: c:\users\Gebruiker\Desktop\ComboFix.exe
Command switches used :: c:\users\Gebruiker\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* New restore point was created
.

(((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 ))))))))))))))))))))))))))))))
.

2009-11-25 13:19 . 2009-11-25 13:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-25 13:19 . 2009-11-25 13:19 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-11-25 13:19 . 2009-11-25 13:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-24 14:17 . 2009-11-24 14:17 1010936 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-19 19:56 . 2009-11-19 19:56 -------- d-----w- c:\program files\CCleaner
2009-11-19 14:04 . 2009-11-19 14:04 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
2009-11-19 14:04 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 14:04 . 2009-11-19 14:04 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-19 14:04 . 2009-11-19 14:04 -------- d-----w- c:\programdata\Malwarebytes
2009-11-19 14:04 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 05:16 . 2009-11-18 05:16 -------- d-----w- c:\program files\Trend Micro
2009-11-18 05:15 . 2009-11-18 05:15 12800 ----a-w- c:\windows\system32\bootdelete.exe
2009-11-16 16:00 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-16 16:00 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-07 13:06 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-11-07 13:01 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-07 11:26 . 2009-11-07 11:26 -------- d-----w- c:\users\Gebruiker\AppData\Local\IsolatedStorage
2009-11-07 11:01 . 2009-11-07 11:02 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Nokia
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\PC Suite
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\programdata\PC Suite
2009-11-07 11:01 . 2009-11-07 11:01 -------- d-----w- c:\users\Gebruiker\AppData\Local\NokiaAccount
2009-11-07 10:57 . 2009-11-07 10:57 -------- d-----w- c:\users\Gebruiker\AppData\Local\Nokia
2009-11-07 10:57 . 2009-11-07 10:57 -------- d-----w- c:\programdata\NokiaMusic
2009-11-07 10:56 . 2009-11-07 10:56 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-11-07 10:56 . 2009-11-07 10:56 -------- d-----w- c:\windows\Downloaded Installations
2009-11-07 10:53 . 2009-11-07 13:11 4096 d-----w- c:\program files\Common Files\Nokia
2009-11-07 10:52 . 2009-11-07 10:52 -------- d-----w- c:\program files\DIFX
2009-11-07 10:52 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-11-07 10:52 . 2009-11-07 10:52 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-07 10:52 . 2009-11-07 10:52 12288 d-----w- c:\program files\PC Connectivity Solution
2009-11-07 10:52 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-11-07 10:52 . 2009-11-07 10:52 12212040 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-11-07 10:52 . 2009-11-07 10:52 13930312 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-11-07 10:51 . 2009-11-07 10:51 77824 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-11-07 10:51 . 2009-11-07 10:51 61440 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-11-07 10:51 . 2009-11-07 10:51 58880 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-11-07 10:51 . 2009-11-07 10:51 50000 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-11-07 10:51 . 2009-11-07 10:51 94628904 ----a-w- c:\programdata\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe
2009-11-07 10:51 . 2009-11-07 10:58 4096 d-----w- c:\program files\Nokia
2009-11-07 10:51 . 2009-11-07 10:51 -------- d-----w- c:\programdata\OviInstallerCache
2009-11-05 13:28 . 2009-11-05 13:28 -------- d-----w- c:\users\Gebruiker\AppData\Local\Thunderbird
2009-11-05 13:28 . 2009-11-05 13:28 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Thunderbird
2009-11-05 13:28 . 2009-11-05 13:28 8192 d-----w- c:\program files\Mozilla Thunderbird
2009-10-29 15:29 . 2009-10-29 15:29 -------- d-----w- c:\programdata\Creative Home
2009-10-29 15:29 . 2009-10-29 15:29 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Creative Home
2009-10-29 15:11 . 2009-10-29 15:11 -------- d-----w- c:\program files\Common Files\Nova Development
2009-10-29 15:11 . 2009-10-29 15:11 -------- d-----w- c:\program files\Creative Home
2009-10-27 12:26 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-27 12:26 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-27 12:26 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-27 11:44 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 11:44 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 11:44 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 11:44 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 11:44 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 11:44 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 11:44 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 11:44 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 11:44 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 13:02 . 2008-01-21 06:39 678344 ----a-w- c:\windows\system32\perfh013.dat
2009-11-25 13:02 . 2008-01-21 06:39 130884 ----a-w- c:\windows\system32\perfc013.dat
2009-11-25 12:58 . 2009-01-24 16:25 4096 d-----w- c:\program files\Transcode360
2009-11-22 13:02 . 2009-01-24 14:45 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\GrabIt
2009-11-20 13:07 . 2009-01-24 15:11 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Vso
2009-11-19 14:52 . 2009-02-16 12:05 4096 d-----w- c:\program files\Windows Live
2009-11-10 00:57 . 2009-01-29 14:13 12288 d-----w- c:\programdata\Microsoft Help
2009-11-07 11:26 . 2009-01-24 13:53 121328 ----a-w- c:\users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0013\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0009\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 52962 ----a-w- c:\windows\inf\Nokia Music\0000\tmp9F5E.tmp
2009-11-07 10:57 . 2009-11-07 10:57 1657 ----a-w- c:\windows\inf\Nokia Music\tmp9F5F.tmp
2009-11-07 10:46 . 2009-11-07 10:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-02 19:42 . 2009-10-06 14:59 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 14:13 . 2009-03-24 11:28 -------- d-----w- c:\programdata\Media Center Programs
2009-10-21 10:42 . 2009-08-05 10:56 4096 d-----w- c:\users\Gebruiker\AppData\Roaming\Image Zone Express
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\program files\Windows Media Components
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\programdata\page
2009-10-21 10:16 . 2009-10-21 10:16 -------- d-----w- c:\program files\Ashampoo
2009-10-10 18:20 . 2009-10-10 18:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HDJAsioK_01007.Wdf
2009-10-10 18:20 . 2009-10-10 18:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HDJBulk_01007.Wdf
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\Guillemot
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\Hercules
2009-10-10 18:19 . 2009-01-24 13:50 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\InstallShield
2009-10-10 04:16 . 2009-03-27 09:01 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 04:15 . 2009-03-27 09:01 12288 d-----w- c:\program files\AGEIA Technologies
2009-10-10 04:14 . 2009-01-25 12:56 -------- d-----w- c:\programdata\Codemasters
2009-10-06 15:01 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-09-04 12:24 . 2009-11-09 08:45 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 12:39 . 2009-10-06 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-10-06 14:56 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-21 12:02 . 2008-12-21 12:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

------- Sigcheck -------

[-] 2008-11-29 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-20_14.59.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:56 . 2009-11-25 12:59 45228 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-11-25 12:59 89464 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-24 13:42 . 2009-11-19 19:56 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-24 13:42 . 2009-11-20 16:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-24 13:42 . 2009-11-19 19:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-24 13:42 . 2009-11-20 16:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-24 13:42 . 2009-11-19 19:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-24 13:42 . 2009-11-20 16:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-24 13:54 . 2009-11-25 12:59 7828 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1928742680-3080710845-1427231912-1000_UserData.bin
- 2009-11-20 05:13 . 2009-11-20 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-25 12:57 . 2009-11-25 12:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-20 05:13 . 2009-11-20 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-25 12:57 . 2009-11-25 12:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-11-25 13:02 598210 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-20 12:54 598210 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-25 13:02 105288 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-11-20 12:54 105288 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 11:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AshSnap"="c:\program files\Ashampoo\Ashampoo Snap 3\ashsnap.exe" [2009-08-25 1229648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Transcode360"="c:\program files\Transcode360\Transcode360Tray.exe" [2006-12-10 196608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-07-09 505128]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-10-25 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-10-07 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2008-12-21 630784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2009-10-29 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [25-4-2009 11:47 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [25-4-2009 11:47 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [25-4-2009 11:47 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26-4-2009 19:42 297752]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [8-10-2008 1:21 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [8-10-2008 1:21 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [8-10-2008 1:21 72728]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [10-10-2009 19:19 17408]
S3 Bulk;HDJBulk;c:\windows\System32\drivers\HDJBulk.sys [10-10-2009 19:19 125440]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6-3-2009 11:45 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [8-10-2008 1:21 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [8-10-2008 1:21 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [8-10-2008 1:21 72728]
S3 HDJAsioK;HDJAsioK;c:\windows\System32\drivers\HDJAsioK.sys [10-10-2009 19:19 172544]
S3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\System32\drivers\HDJMidi.sys [10-10-2009 19:19 123904]
S3 IAMT03;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMT03.sys [22-12-2008 11:49 40848]
S3 IAMTV;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMTV.sys [22-12-2008 11:49 38288]
S4 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\System32\drivers\cmiucr.SYS [22-12-2008 11:48 93056]
S4 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\System32\drivers\hcw99rc.sys [22-12-2008 11:49 10368]
S4 hptmv;hptmv;c:\windows\System32\drivers\hptmv.sys [22-12-2008 11:49 71968]
S4 IAMTXP;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\System32\drivers\IAMTXP.sys [22-12-2008 11:49 47496]
S4 ioatdma;Intel(R) QuickData Technology Device;c:\windows\System32\drivers\ioatdma.sys [22-12-2008 11:49 36480]
S4 iSSetup;Intel(R) PRO/1000 iSCSI Setup Driver;c:\windows\System32\drivers\iSSetup.sys [22-12-2008 11:49 75672]
S4 m5287;m5287;c:\windows\System32\drivers\m5287.sys [22-12-2008 11:49 104320]
S4 m5288;m5288;c:\windows\System32\drivers\m5288.sys [22-12-2008 11:49 211072]
S4 m5289;m5289;c:\windows\System32\drivers\m5289.sys [22-12-2008 11:49 52480]
S4 MODRC;WinFast TV Dongle With Infrared Receiver;c:\windows\System32\drivers\modrc.sys [22-12-2008 11:49 13056]
S4 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [22-12-2008 11:49 137728]
S4 NBv834x;Killer NIC Gaming Adapter Service;c:\windows\System32\drivers\NBv834x.sys [22-12-2008 11:49 104992]
S4 rr172x;rr172x;c:\windows\System32\drivers\rr172x.sys [22-12-2008 11:49 90400]
S4 rr2522;rr2522;c:\windows\System32\drivers\rr2522.sys [22-12-2008 11:49 112160]
S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\System32\drivers\SI3112r.sys [22-12-2008 11:49 110128]
S4 SI3114;SiI-3114 SATALink Controller;c:\windows\System32\drivers\SI3114.sys [22-12-2008 11:49 68912]
S4 SI3124;SiI-3124 SATALink Controller;c:\windows\System32\drivers\SI3124.sys [22-12-2008 11:49 76208]
S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\System32\drivers\Si3124r5.sys [22-12-2008 11:49 207152]
S4 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [22-12-2008 11:49 210736]
S4 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [22-12-2008 11:49 20632]
S4 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [22-12-2008 11:49 56984]
S4 WinTVCIUSB;Hauppauge WinTV-CI USB (11xxx);c:\windows\System32\drivers\hcw11.sys [22-12-2008 11:49 91136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/dutch/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\r3ojzkh9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

****************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 14:19
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

****************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1928742680-3080710845-1427231912-1000\Software\SecuROM\License information*]
"datasecu"=hex:80,32,5b,f9,30,bf,e7,29,5e,8b,4d,ec,d5,54,29,ec,4e,12,2c,30,5e,
d4,cd,26,a4,22,b5,ab,a5,29,89,d4,2c,43,39,5d,11,fc,a8,41,30,5b,ff,9f,64,ec,\
"rkeysecu"=hex:27,74,9e,5b,27,aa,9b,c9,ef,59,bc,24,e8,97,ca, e0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
Voltooingstijd: 2009-11-25 14:21
ComboFix-quarantined-files.txt 2009-11-25 13:21
ComboFix2.txt 2009-11-24 14:30
ComboFix3.txt 2009-11-23 13:50
ComboFix4.txt 2009-11-22 12:06
ComboFix5.txt 2009-11-25 13:12

Pre-Run: 130.326.315.008 bytes beschikbaar
Post-Run: 130.286.850.048 bytes beschikbaar

- - End Of File - - 723055CEDF84B855DC688DA9A14774D1

Mamu
25 November 2009, 15:45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:54, on 25-11-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/dutch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8784 bytes

Emphyrio
26 November 2009, 02:43
Hi mamu,

Logs are clean. :good:

1. Go to Start > Run and copy and paste the following command into the field:

ComboFix /Uninstall

Make sure there is a space between Combofix and /
Then press Enter.

http://www.emphyrio.be/images/SMUninstall_combofix.png (http://www.emphyrio.be/images/Uninstall_combofix.png)

This will remove Combofix plus its related folders and files,
restore the clock settings, hide file extensions again,
re-hide hidden files and system files
and reset your System Restore.

2. Download OTC.exe (http://oldtimer.geekstogo.com/OTC.exe) (by OldTimer)
Place the file on your desktop.
Make sure there is an internet connection.
Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
Now click the "CleanUp!" button.
If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow it; the program needs that connection.
Finally, OTC will ask whether you want to restart the computer; you may allow this, which also removes the program itself.

Note: Using OTC.exe will remove all the tools that were used (including their logs and backup folders) from your computer.

3. Post a new Hijackthis log for checking and give me an update on your problem.

Emphyrio :)

Mamu
26 November 2009, 17:44
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:04, on 26-11-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Desktop Tray Clock\DTClock.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/dutch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9064 bytes
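
An added example, not part of this thread and not a tool either poster used: a small Python triage script for HijackThis logs of the kind posted above. It parses the O4 (Run keys and startup folders), O20 and O23 lines and flags the entries a reviewer would want to look at first: services recorded as "Unknown owner", entries marked "(file missing)", a non-empty AppInit_DLLs value, Run entries whose command is a bare filename with no directory, and Run entries attached to the SYSTEM or Default profile. The heuristics are my own assumptions, and the sample log is constructed in the shape of the log above; a hit means "look at this", not "this is malicious" (the helper above judged this log clean).

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis v2 line format, shaped like the log posted
# above. A few lines are included specifically to exercise each heuristic.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKUS\S-1-5-18\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEEM')
O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""


@dataclass
class Entry:
    section: str        # "O4", "O23", ... (the HijackThis section tag)
    body: str           # everything after "O4 - "
    hive: str = ""      # O4: registry key or startup folder
    name: str = ""      # O4: value name; O23: service display name
    command: str = ""   # O4: command line; O23: binary path
    owner: str = ""     # O23: publisher as HijackThis recorded it
    user: str = ""      # O4: profile shown in "(User '...')", if any


@dataclass
class Finding:
    section: str
    subject: str
    reason: str


LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_REG_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O4_DIR_RE = re.compile(r"^(?P<hive>[^:]*Startup): (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>\S+))')


def parse_hjt(text: str) -> List[Entry]:
    """Turn the 'Oxx - ...' lines of a HijackThis log into Entry records; header and process lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = Entry(section=m["sec"], body=m["body"])
        if e.section == "O4":
            r = O4_REG_RE.match(e.body) or O4_DIR_RE.match(e.body)
            if r:
                g = r.groupdict()
                e.hive, e.name = g["hive"], g.get("name") or ""
                e.command, e.user = g["cmd"], g.get("user") or ""
        elif e.section == "O23":
            r = O23_RE.match(e.body)
            if r:
                e.name, e.owner, e.command = r["name"], r["owner"], r["path"]
        entries.append(e)
    return entries


def executable_of(command: str) -> str:
    """First token of a command line with quotes removed; for 'x.lnk = target' lines, the target."""
    if " = " in command:
        command = command.split(" = ", 1)[1]
    m = EXE_RE.match(command)
    return (m["q"] or m["u"]) if m else ""


def is_bare_name(exe: str) -> bool:
    """True when the executable has no directory at all, so Windows finds it via the search path."""
    return bool(exe) and "\\" not in exe and "/" not in exe and "%" not in exe


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the review heuristics (my assumptions, see lead-in) and return what to look at first."""
    findings: List[Finding] = []
    for e in entries:
        if "(file missing)" in e.body:
            findings.append(Finding(e.section, e.body, "points at a file that no longer exists; a dangling entry, normally safe to remove"))
            continue
        if e.section == "O4":
            exe = executable_of(e.command)
            if is_bare_name(exe):
                findings.append(Finding("O4", e.name or exe, f"'{exe}' has no directory, so it is resolved through the search path; confirm which file actually runs"))
            if "S-1-5-18" in e.hive or ".DEFAULT" in e.hive or e.user:
                findings.append(Finding("O4", e.name or exe, f"belongs to profile '{e.user or e.hive}', not the interactive user; confirm that is intended"))
        elif e.section == "O20" and e.body.startswith("AppInit_DLLs:") and e.body.split(":", 1)[1].strip():
            findings.append(Finding("O20", e.body, "AppInit DLL is loaded into every process that loads user32.dll; confirm which installed product owns it"))
        elif e.section == "O23" and e.owner == "Unknown owner":
            findings.append(Finding("O23", e.name, f"no publisher recorded for {e.command}; check the file's digital signature and hash"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.section:4} {f.subject}: {f.reason}")
```

Run on the full log above it also flags the NvCplDaemon and NvMediaCenter lines, because their command starts with a bare RUNDLL32.EXE; that is the heuristic working as intended, and the next step for each hit is the same as the helper's: confirm the file on disk and its publisher before deciding anything.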

Mamu
26 November 2009, 17:51
The problem lies exclusively with the folders containing the HD and Blu-ray films (wmv and mkv files) on the internal drives! Other folders I open on the internal drive give no problem at all.
Maybe it's my motherboard or SATA cables. I'm going to replace those this Saturday. Thanks again in advance for the help! :D:D:D:D

Emphyrio
27 November 2009, 10:51
Hi Mamu,

You're welcome :)

Just a quick clean-up to finish off:

Download or update CCleaner (http://www.ccleaner.com/download/builds)
Click the Slim version (4th link)

Start CCleaner.

Run CCleaner and click Options in the left-hand column
Select the Advanced tab
Uncheck "Only delete files in Windows Temp folders older than 24 hours"
Click Cleaner in the left-hand column.
Then click Analyze followed by Run Cleaner.
Next click Registry in the left-hand column
Click Scan for Issues.
If issues are found, click Fix selected issues and OK


Finally, may I offer you these tips: Veilig Internetten (Safe Internet Use) (http://www.jawwi.nl/beveiliging/basis.html)

Emphyrio :)

Mamu
29 November 2009, 12:59
Everything is clean and in order! Thanks again :good::good:
And yes, I have read through the safe internet tips. I had never heard of malware!

Emphyrio
30 November 2009, 08:04
You're welcome, Mamu :)

Emphyrio :)