  1. #1
    lex11 (Advanced member)
    Registered: 11 May 2005 | Location: x | Posts: 118 | Thanks given: 6 | Thanked: 8 times in 6 posts

    Computer is very, very slow

    Here is the HijackThis file. Thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:21:52, on 17/02/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\HILDE.KIDS3.001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HILDE.KIDS3.001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HILDE.KIDS3.001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HILDE.KIDS3.001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\HILDE.KIDS3.001\Mijn documenten\Downloads\HijackThis.exe


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1308556148140
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1308561605828
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe


    --
    End of file - 7346 bytes

  2. #2
    Juisterr (Honorary member)
    Registered: 31 July 2006 | Location: little shack on the coast | Posts: 3,653 | Thanks given: 1,008 | Thanked: 2,268 times in 1,411 posts

    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

  3. #3
    Juisterr (Honorary member)

    Download LopSD to your Desktop
    • Choose Option N and press Enter
    • Click OK in the information window
    • Choose Option 2 (Fix + Hosts) and press Enter
    • At the end a log (LopR.txt) appears; post its contents in your next reply

    Vista users: right-click LopSD and choose "Run as administrator"
    Note: LopSD is detected as a virus by some virus scanners, so deactivate your scanner

  4. #4
    lex11 (Advanced member)

    Thanks for the quick reply.
    Here is the log.



    --------------------\\ Lop S&D 4.2.5-0 XP/Vista


    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
    BIOS : Rev 2.00
    USER : HILDE ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! Antivirus 5.0.100664663 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:114 Go (Free:49 Go)
    D:\ (Local Disk) - NTFS - Total:18 Go (Free:18 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)


    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( za 18/02/2012|14:25 )



    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\



    --------------------\\ Beschrijving van mappen in APPLIC~1


    [20/06/2011|07:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes beschikbaar


    [20/06/2011|12:49] C:\DOCUME~1\ALEX\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\ALEX\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\ALEX\APPLIC~1\bytes beschikbaar


    [20/06/2011|15:54] C:\DOCUME~1\ALEX~1.KID\APPLIC~1\Adobe
    [11/10/2011|16:32] C:\DOCUME~1\ALEX~1.KID\APPLIC~1\Apple Computer
    [20/06/2011|15:52] C:\DOCUME~1\ALEX~1.KID\APPLIC~1\Identities
    [20/06/2011|15:56] C:\DOCUME~1\ALEX~1.KID\APPLIC~1\Macromedia
    [13/02/2012|17:32] C:\DOCUME~1\ALEX~1.KID\APPLIC~1\Microsoft
    [01/08/2011|16:27] C:\DOCUME~1\ALEX~1.KID\APPLIC~1\Sun
    [17/02/2012|18:49] C:\DOCUME~1\ALEX~1.KID\APPLIC~1\Windows Desktop Search
    [0|bestand(en)] C:\DOCUME~1\ALEX~1.KID\APPLIC~1\bytes
    [9|map(pen)] C:\DOCUME~1\ALEX~1.KID\APPLIC~1\bytes beschikbaar


    [11/10/2011|16:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [17/10/2011|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [12/10/2011|13:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [11/10/2011|16:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [20/06/2011|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ashampoo
    [16/02/2012|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVAST Software
    [20/06/2011|09:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
    [30/08/2011|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJScan
    [17/07/2011|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Computer Updater
    [05/10/2011|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hps
    [11/10/2011|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [17/02/2012|13:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [17/02/2012|13:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [28/07/2011|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [22/06/2011|22:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
    [23/06/2011|16:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    [23/06/2011|16:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio Plus
    [23/06/2011|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio Ultimate
    [17/10/2011|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\regid.1986-12.com.adobe
    [17/02/2012|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [23/06/2011|16:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Studio 12
    [27/07/2011|13:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sun
    [14/11/2011|15:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tarma Installer
    [16/02/2012|22:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [05/10/2011|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tmp
    [20/06/2011|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [28/01/2012|17:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindSolutions
    [0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
    [29|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar


    [17/02/2012|15:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar


    [08/09/2011|19:06] C:\DOCUME~1\Eigenaar\APPLIC~1\Adobe
    [13/02/2012|13:25] C:\DOCUME~1\Eigenaar\APPLIC~1\Apple Computer
    [03/12/2011|12:42] C:\DOCUME~1\Eigenaar\APPLIC~1\Azureus
    [13/01/2012|14:42] C:\DOCUME~1\Eigenaar\APPLIC~1\BitComet
    [26/01/2012|16:18] C:\DOCUME~1\Eigenaar\APPLIC~1\DVDVideoSoft
    [12/10/2011|13:44] C:\DOCUME~1\Eigenaar\APPLIC~1\DVDVideoSoftIEHelpers
    [03/09/2011|15:21] C:\DOCUME~1\Eigenaar\APPLIC~1\Google
    [20/06/2011|07:37] C:\DOCUME~1\Eigenaar\APPLIC~1\Identities
    [20/06/2011|11:19] C:\DOCUME~1\Eigenaar\APPLIC~1\Macromedia
    [03/02/2012|18:32] C:\DOCUME~1\Eigenaar\APPLIC~1\Microsoft
    [12/10/2011|15:00] C:\DOCUME~1\Eigenaar\APPLIC~1\Mozilla
    [28/07/2011|19:30] C:\DOCUME~1\Eigenaar\APPLIC~1\MSN6
    [17/07/2011|08:37] C:\DOCUME~1\Eigenaar\APPLIC~1\Pro Cycling Manager 2010
    [23/01/2012|20:07] C:\DOCUME~1\Eigenaar\APPLIC~1\Pro Cycling Manager 2011
    [15/01/2012|13:10] C:\DOCUME~1\Eigenaar\APPLIC~1\SecuROM
    [27/07/2011|18:34] C:\DOCUME~1\Eigenaar\APPLIC~1\Sun
    [17/02/2012|13:03] C:\DOCUME~1\Eigenaar\APPLIC~1\Windows Desktop Search
    [16/02/2012|16:41] C:\DOCUME~1\Eigenaar\APPLIC~1\WindSolutions
    [0|bestand(en)] C:\DOCUME~1\Eigenaar\APPLIC~1\bytes
    [20|map(pen)] C:\DOCUME~1\Eigenaar\APPLIC~1\bytes beschikbaar


    [20/06/2011|12:53] C:\DOCUME~1\HILDE\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\HILDE\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\HILDE\APPLIC~1\bytes beschikbaar


    [20/06/2011|12:49] C:\DOCUME~1\HILDE~1.KID\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\HILDE~1.KID\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\HILDE~1.KID\APPLIC~1\bytes beschikbaar


    [20/06/2011|12:49] C:\DOCUME~1\HILDEK~1.000\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\HILDEK~1.000\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\HILDEK~1.000\APPLIC~1\bytes beschikbaar


    [17/10/2011|15:18] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\Adobe
    [16/02/2012|16:42] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\Apple Computer
    [12/11/2011|12:48] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\Azureus
    [30/08/2011|08:08] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\Canon
    [17/10/2011|14:37] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\com.adobe.downloadassistant.AdobeDownloadAssistant
    [20/06/2011|17:49] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\GetRightToGo
    [07/12/2011|16:06] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\Google
    [02/11/2011|10:18] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\gtk-2.0
    [20/06/2011|13:06] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\Identities
    [14/01/2012|16:45] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\IObit
    [20/06/2011|14:13] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\Macromedia
    [11/10/2011|11:19] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\Malwarebytes
    [17/02/2012|15:18] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\Microsoft
    [27/07/2011|13:00] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\Sun
    [08/09/2011|15:45] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\U3
    [17/02/2012|15:01] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\Windows Desktop Search
    [0|bestand(en)] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\bytes
    [18|map(pen)] C:\DOCUME~1\HILDEK~1.001\APPLIC~1\bytes beschikbaar


    [01/08/2011|12:13] C:\DOCUME~1\KIDS\APPLIC~1\Adobe
    [15/10/2011|09:48] C:\DOCUME~1\KIDS\APPLIC~1\Apple Computer
    [20/06/2011|15:58] C:\DOCUME~1\KIDS\APPLIC~1\Identities
    [21/06/2011|14:54] C:\DOCUME~1\KIDS\APPLIC~1\Macromedia
    [16/02/2012|16:42] C:\DOCUME~1\KIDS\APPLIC~1\Microsoft
    [29/07/2011|20:28] C:\DOCUME~1\KIDS\APPLIC~1\Sun
    [17/12/2011|14:31] C:\DOCUME~1\KIDS\APPLIC~1\U3
    [0|bestand(en)] C:\DOCUME~1\KIDS\APPLIC~1\bytes
    [9|map(pen)] C:\DOCUME~1\KIDS\APPLIC~1\bytes beschikbaar


    [12/10/2011|13:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\Apple Computer
    [16/02/2012|16:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
    [4|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar


    [20/06/2011|07:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar

    --------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks


    [16/02/2012 21:41][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1004Core1cce1ea4cde9d1a.job
    [18/02/2012 14:26][--a------] C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [17/02/2012 11:10][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [18/02/2012 13:38][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1006UA.job
    [08/02/2012 18:38][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1006Core.job
    [18/02/2012 14:06][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [18/02/2012 14:19][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [18/02/2012 11:19][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1004UA.job
    [18/02/2012 14:06][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1005UA.job
    [17/02/2012 15:16][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1005Core.job
    [18/02/2012 14:06][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1003UA.job
    [04/02/2012 19:06][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1003Core.job
    [18/02/2012 14:19][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [08/04/2003 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini


    --------------------\\ Beschrijving van mappen in C:\Program Files


    [17/10/2011|15:47] C:\Program Files\Adobe
    [17/10/2011|14:53] C:\Program Files\Adobe Photoshop CS5.1
    [12/10/2011|12:54] C:\Program Files\Apple Software Update
    [20/06/2011|17:53] C:\Program Files\Ashampoo
    [26/01/2012|16:18] C:\Program Files\Ask.com
    [20/06/2011|10:16] C:\Program Files\AVAST Software
    [20/07/2011|13:06] C:\Program Files\Belgium Identity Card
    [02/12/2011|11:13] C:\Program Files\Bonjour
    [14/01/2012|09:24] C:\Program Files\CCleaner
    [16/02/2012|14:44] C:\Program Files\Common Files
    [29/11/2011|16:02] C:\Program Files\Complitly
    [20/06/2011|07:31] C:\Program Files\ComPlus Applications
    [18/07/2011|13:18] C:\Program Files\Cyanide
    [14/07/2011|11:30] C:\Program Files\Cyanide(2)
    [17/07/2011|08:38] C:\Program Files\File Type Assistant
    [23/07/2011|09:11] C:\Program Files\Fotoservice
    [17/10/2011|15:55] C:\Program Files\GIMP-2
    [17/10/2011|15:52] C:\Program Files\GIMP-2.0
    [17/02/2012|21:23] C:\Program Files\Google
    [17/02/2012|14:59] C:\Program Files\Internet Explorer
    [13/01/2012|13:04] C:\Program Files\IObit
    [16/02/2012|16:44] C:\Program Files\iPod
    [26/01/2012|16:22] C:\Program Files\iPod(2)
    [16/02/2012|16:45] C:\Program Files\iTunes
    [26/01/2012|16:22] C:\Program Files\iTunes(2)
    [20/10/2011|08:46] C:\Program Files\Java
    [12/10/2011|15:07] C:\Program Files\LimeWire
    [20/06/2011|15:00] C:\Program Files\Messenger
    [16/02/2012|16:41] C:\Program Files\Microsoft
    [21/06/2011|18:48] C:\Program Files\microsoft frontpage
    [10/08/2011|15:47] C:\Program Files\Microsoft Office
    [17/02/2012|16:00] C:\Program Files\Microsoft Silverlight
    [20/06/2011|18:38] C:\Program Files\Microsoft Works
    [15/07/2011|16:56] C:\Program Files\Microsoft.NET
    [20/06/2011|18:49] C:\Program Files\Movie Maker
    [20/07/2011|13:06] C:\Program Files\Mozilla Firefox
    [25/06/2011|21:29] C:\Program Files\MSBuild
    [28/07/2011|19:29] C:\Program Files\MSN
    [20/06/2011|07:31] C:\Program Files\MSN Gaming Zone
    [24/06/2011|09:02] C:\Program Files\MSXML 4.0
    [20/06/2011|14:21] C:\Program Files\NetMeeting
    [20/06/2011|07:32] C:\Program Files\Online Services
    [20/06/2011|18:51] C:\Program Files\Outlook Express
    [17/10/2011|14:34] C:\Program Files\Paint.NET
    [23/06/2011|16:18] C:\Program Files\Pinnacle
    [02/12/2011|11:22] C:\Program Files\QuickTime
    [25/06/2011|21:28] C:\Program Files\Reference Assemblies
    [16/02/2012|22:51] C:\Program Files\SpywareBlaster
    [23/06/2011|16:22] C:\Program Files\SureThing Express Labeler
    [20/06/2011|07:37] C:\Program Files\Uninstall Information
    [17/02/2012|15:32] C:\Program Files\Windows Desktop Search
    [16/02/2012|16:41] C:\Program Files\Windows Live
    [16/02/2012|16:41] C:\Program Files\Windows Live SkyDrive
    [16/02/2012|16:45] C:\Program Files\Windows Media Connect 2
    [16/02/2012|16:45] C:\Program Files\Windows Media Player
    [20/06/2011|14:21] C:\Program Files\Windows NT
    [20/06/2011|08:49] C:\Program Files\WindowsUpdate
    [13/01/2012|14:42] C:\Program Files\Wisdom-soft ScreenHunter 5 Free
    [20/06/2011|07:34] C:\Program Files\xerox
    [0|bestand(en)] C:\Program Files\bytes
    [61|map(pen)] C:\Program Files\bytes beschikbaar


    --------------------\\ Beschrijving van mappen in C:\Program Files\Common Files


    [26/01/2012|16:19] C:\Program Files\Common Files\Adobe
    [16/02/2012|16:44] C:\Program Files\Common Files\Apple
    [20/06/2011|09:06] C:\Program Files\Common Files\DESIGNER
    [20/10/2011|08:47] C:\Program Files\Common Files\Java
    [16/02/2012|16:41] C:\Program Files\Common Files\Microsoft Shared
    [20/06/2011|07:32] C:\Program Files\Common Files\MSSoap
    [20/06/2011|09:17] C:\Program Files\Common Files\ODBC
    [23/06/2011|16:08] C:\Program Files\Common Files\Pinnacle
    [20/06/2011|07:32] C:\Program Files\Common Files\Services
    [20/06/2011|09:17] C:\Program Files\Common Files\SpeechEngines
    [23/06/2011|16:22] C:\Program Files\Common Files\SureThing Shared
    [20/06/2011|14:21] C:\Program Files\Common Files\System
    [03/02/2012|18:29] C:\Program Files\Common Files\Windows Live
    [23/06/2011|16:02] C:\Program Files\Common Files\Yahoo!
    [0|bestand(en)] C:\Program Files\Common Files\bytes
    [16|map(pen)] C:\Program Files\Common Files\bytes beschikbaar


    --------------------\\ Process


    ( 34 Processes )


    ... OK !


    --------------------\\ Zoeken met S_Lop


    Geen Lop mappen gevonden !

    --------------------\\ Zoeken naar Lop Bestanden - Mappen


    Geen Lop mappen gevonden !

    --------------------\\ Zoeken doorheen het Register

    ..... OK !


    --------------------\\ Nazicht van het Hosts bestand


    Hosts bestand IN ORDE




    --------------------\\ Zoeken naar verborgen bestanden met Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-18 14:27:56
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Zoeken naar andere infecties




    Geen andere infecties gevonden !


    [F:317][D:18]-> C:\DOCUME~1\HILDEK~1.001\LOCALS~1\Temp
    [F:7][D:0]-> C:\DOCUME~1\HILDEK~1.001\Cookies
    [F:437][D:4]-> C:\DOCUME~1\HILDEK~1.001\LOCALS~1\TEMPOR~1\content.IE5


    1 - "C:\Lop SD\LopR_1.txt" - za 18/02/2012|14:29 - Option : [2]


    --------------------\\ Scan voltooid om 14:29:34

  5. #5
    Juisterr (Honorary member)

    Let's dig a bit further anyway.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    >>Here<< you can read how to use ComboFix.

    1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

    * (here or here is a guide on how to disable them)

    2. It may happen that the computer has to be restarted several times; this is normal.
    3. Double-click "Combofix.exe" to start the tool.
    4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

    * Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

    5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

  6. #6
    lex11 (Advanced member)

    Hello,

    I ran ComboFix yesterday with no error messages. When I try to do it again I get an error message: ComboFix cannot combofix1

  7. #7
    Juisterr (Honorary member)

    Remove ComboFix: copy the command below with (Ctrl + C):
    Combofix /Uninstall (note!!! the space before /Uninstall)

    Click Start -> Run, paste (Ctrl + V) the command, then press Ctrl + Shift + Enter.
    This removes both ComboFix and your old system restore points (with any remnants of malware), and creates a new system restore point.

    Restart the computer.

    Download ComboFix again, scan with it and post the result, please.

  8. #8
    lex11 (Advanced member)

    ComboFix 12-02-17.02 - HILDE 18/02/2012 21:00:59.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.303 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\HILDE.KIDS3.001\Mijn documenten\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Tarma Installer
    c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\HILDE.KIDS3.001\Bureaublad\Internet Explorer.lnk
    c:\windows\system32\scrrun.dll.tmp
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-18 to 2012-02-18 ))))))))))))))))))))))))))))))
    .
    .
    2012-02-18 17:25 . 2012-02-18 17:25 -------- d--h--r- c:\documents and settings\HILDE.KIDS3.001\Onlangs geopend
    2012-02-18 13:24 . 2012-02-18 13:29 -------- d-----w- C:\Lop SD
    2012-02-18 13:15 . 2012-02-18 13:15 -------- d--h--r- c:\documents and settings\KIDS\Onlangs geopend
    2012-02-18 13:09 . 2012-02-18 13:09 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
    2012-02-18 13:06 . 2012-02-18 13:06 -------- d--h--r- c:\documents and settings\ALEX.KIDS3\Onlangs geopend
    2012-02-18 07:24 . 2012-02-18 07:24 -------- d-sh--w- c:\documents and settings\KIDS\PrivacIE
    2012-02-18 07:21 . 2012-02-18 07:21 -------- d-sh--w- c:\documents and settings\KIDS\IETldCache
    2012-02-17 17:51 . 2012-02-17 17:51 -------- d-sh--w- c:\documents and settings\ALEX.KIDS3\PrivacIE
    2012-02-17 17:49 . 2012-02-17 17:49 -------- d-----w- c:\documents and settings\ALEX.KIDS3\Application Data\Windows Desktop Search
    2012-02-17 17:48 . 2012-02-17 17:48 -------- d-sh--w- c:\documents and settings\ALEX.KIDS3\IETldCache
    2012-02-17 16:03 . 2012-02-17 16:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-02-17 15:22 . 2012-02-17 15:22 -------- d-sh--w- c:\documents and settings\HILDE.KIDS3.001\PrivacIE
    2012-02-17 15:01 . 2012-02-18 09:18 -------- d-----w- c:\documents and settings\HILDE.KIDS3.001\Local Settings\Application Data\ApplicationHistory
    2012-02-17 14:01 . 2012-02-17 14:01 -------- d-----w- c:\documents and settings\HILDE.KIDS3.001\Application Data\Windows Desktop Search
    2012-02-17 14:00 . 2012-02-17 14:00 -------- d-sh--w- c:\documents and settings\HILDE.KIDS3.001\IETldCache
    2012-02-17 13:04 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2012-02-17 12:55 . 2011-12-17 19:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2012-02-17 12:55 . 2011-12-17 19:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2012-02-17 12:55 . 2011-12-17 19:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2012-02-17 12:35 . 2012-02-17 15:00 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-02-17 12:05 . 2012-02-17 12:05 -------- d-----w- c:\windows\system32\winrm
    2012-02-17 12:03 . 2012-02-17 12:03 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Windows Desktop Search
    2012-02-17 11:55 . 2011-12-17 19:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2012-02-17 11:55 . 2011-12-17 19:42 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2012-02-17 11:55 . 2011-12-17 19:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2012-02-17 11:55 . 2011-12-16 12:22 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
    2012-02-17 11:55 . 2011-12-18 13:42 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2012-02-17 11:55 . 2009-03-08 03:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
    2012-02-17 11:55 . 2009-03-08 03:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
    2012-02-17 11:39 . 2012-02-17 11:39 -------- d-----w- c:\windows\system32\URTTEMP
    2012-02-17 09:34 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2012-02-16 21:56 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-02-16 21:56 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-02-16 21:56 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-02-16 21:56 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-02-16 21:56 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-16 21:56 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-02-16 21:56 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-02-16 21:56 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-02-16 21:56 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-16 21:56 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2012-02-16 21:21 . 2012-02-17 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2012-02-16 21:15 . 2012-02-16 21:51 -------- d-----w- c:\program files\SpywareBlaster
    2012-02-16 15:50 . 2012-02-16 15:50 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-02-16 15:41 . 2012-02-16 15:41 -------- d-----w- c:\program files\Windows Live SkyDrive
    2012-02-03 17:29 . 2012-02-03 17:29 -------- d-----w- c:\program files\Common Files\Windows Live
    2012-02-01 18:42 . 2012-02-01 18:42 -------- d-----w- c:\documents and settings\Eigenaar\jagexcache
    2012-01-30 14:57 . 2012-02-18 11:06 -------- d-----w- c:\documents and settings\HILDE\Mail
    2012-01-28 16:27 . 2012-01-28 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
    2012-01-26 14:30 . 2012-01-26 14:31 -------- d-----w- c:\documents and settings\ALEX.KIDS3\Local Settings\Application Data\AskToolbar
    2012-01-26 13:32 . 2012-01-26 13:32 -------- d-----w- c:\documents and settings\HILDE.KIDS3.001\Local Settings\Application Data\AskToolbar
    2012-01-26 12:10 . 2012-01-26 15:18 -------- d-----w- c:\program files\Ask.com
    2012-01-26 12:10 . 2012-01-26 12:14 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\AskToolbar
    2012-01-26 12:10 . 2012-01-26 12:10 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\APN
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-15 12:04 . 2012-01-15 12:04 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2012-01-12 17:20 . 2003-04-08 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:42 . 2006-06-23 11:29 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:42 . 2003-04-08 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:42 . 2003-04-08 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:23 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-25 21:57 . 2003-04-08 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\KIDS\Menu Start\Programma's\Opstarten\
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\ALEX.KIDS3\Menu Start\Programma's\Opstarten\
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-11-02 06:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
    2011-05-23 11:36 2068480 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-06-23 06:17 136176 ----atw- c:\documents and settings\HILDE.KIDS3.001\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 17:03 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
    2003-06-20 07:06 118784 -c--a-r- c:\windows\system32\ptipbmf.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
    "d:\\Pro Cycling Manager - Seizoen 2010\\PCM.exe"=
    "d:\\Pro Cycling Manager - Seizoen 2010\\Autorun\\Exe\\Autorun.exe"=
    "c:\\Program Files\\Cyanide\\Pro Cycling Manager - Seizoen 2011\\PCM.exe"=
    "c:\\Program Files\\Cyanide\\Pro Cycling Manager - Seizoen 2011\\Autorun\\Exe\\Autorun.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [20/06/2011 8:36 77312]
    R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [18/07/2011 15:30 3332784]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/02/2012 22:56 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/02/2012 22:56 314456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/02/2012 22:56 20568]
    S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
    S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/09/2011 15:19 136176]
    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [20/07/2011 13:06 33536]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/09/2011 15:19 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [17/02/2012 17:03 40776]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/04/2003 13:00 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
    .
    2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 14:19]
    .
    2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 14:19]
    .
    2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1004Core1cce1ea4cde9d1a.job
    - c:\documents and settings\ALEX.KIDS3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 09:21]
    .
    2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1004UA.job
    - c:\documents and settings\ALEX.KIDS3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 09:21]
    .
    2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1005Core.job
    - c:\documents and settings\HILDE.KIDS3.001\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 06:17]
    .
    2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1005UA.job
    - c:\documents and settings\HILDE.KIDS3.001\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 06:17]
    .
    2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1006Core.job
    - c:\documents and settings\KIDS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-23 14:19]
    .
    2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1006UA.job
    - c:\documents and settings\KIDS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-23 14:19]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-18 21:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    .
    C:\## aswSnx private storage
    .
    Scan succesvol afgerond
    verborgen bestanden: 1
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Voltooingstijd: 2012-02-18 21:19:13
    ComboFix-quarantined-files.txt 2012-02-18 20:19
    .
    Pre-Run: 71.105.921.024 bytes beschikbaar
    Post-Run: 71.387.488.256 bytes beschikbaar
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 3B2ECB211D71EA0E1EA19CDFA73D0ADF

  9. #9
    Honorary member   Juisterr's avatar
    Registered
    31 July 2006
    Location
    kotje aan de kust
    Posts
    3.653
    Thanks given
    1.008
    Thanked
    2.268 times in 1.411 posts
    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    Folder::
    c:\program files\Ask.com
    c:\documents and settings\ALEX.KIDS3\Local Settings\Application Data\AskToolbar
    c:\documents and settings\HILDE.KIDS3.001\Local Settings\Application Data\AskToolbar



    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:


    This will make ComboFix restart.

    After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

  10. #10
    Advanced   lex11's avatar
    Registered
    11 May 2005
    Location
    x
    Posts
    118
    Thanks given
    6
    Thanked
    8 times in 6 posts
    ComboFix 12-02-13.01 - HILDE 19/02/2012 19:08:09.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.286 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\HILDE.KIDS3.001\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\HILDE.KIDS3.001\Bureaublad\CFscript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    - VERMINDERDE FUNCTIONALITEIT MODUS -
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-19 to 2012-02-19 ))))))))))))))))))))))))))))))
    .
    .
    2012-02-18 17:25 . 2012-02-19 16:32 -------- d--h--r- c:\documents and settings\HILDE.KIDS3.001\Onlangs geopend
    2012-02-18 13:24 . 2012-02-18 13:29 -------- d-----w- C:\Lop SD
    2012-02-18 13:15 . 2012-02-18 13:15 -------- d--h--r- c:\documents and settings\KIDS\Onlangs geopend
    2012-02-18 13:09 . 2012-02-18 13:09 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
    2012-02-18 13:06 . 2012-02-18 13:06 -------- d--h--r- c:\documents and settings\ALEX.KIDS3\Onlangs geopend
    2012-02-18 07:24 . 2012-02-18 07:24 -------- d-sh--w- c:\documents and settings\KIDS\PrivacIE
    2012-02-18 07:21 . 2012-02-18 07:21 -------- d-sh--w- c:\documents and settings\KIDS\IETldCache
    2012-02-17 17:51 . 2012-02-17 17:51 -------- d-sh--w- c:\documents and settings\ALEX.KIDS3\PrivacIE
    2012-02-17 17:49 . 2012-02-17 17:49 -------- d-----w- c:\documents and settings\ALEX.KIDS3\Application Data\Windows Desktop Search
    2012-02-17 17:48 . 2012-02-17 17:48 -------- d-sh--w- c:\documents and settings\ALEX.KIDS3\IETldCache
    2012-02-17 16:03 . 2012-02-17 16:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-02-17 15:22 . 2012-02-17 15:22 -------- d-sh--w- c:\documents and settings\HILDE.KIDS3.001\PrivacIE
    2012-02-17 15:01 . 2012-02-18 09:18 -------- d-----w- c:\documents and settings\HILDE.KIDS3.001\Local Settings\Application Data\ApplicationHistory
    2012-02-17 14:01 . 2012-02-17 14:01 -------- d-----w- c:\documents and settings\HILDE.KIDS3.001\Application Data\Windows Desktop Search
    2012-02-17 14:00 . 2012-02-17 14:00 -------- d-sh--w- c:\documents and settings\HILDE.KIDS3.001\IETldCache
    2012-02-17 13:04 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2012-02-17 12:55 . 2011-12-17 19:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2012-02-17 12:55 . 2011-12-17 19:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2012-02-17 12:55 . 2011-12-17 19:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2012-02-17 12:35 . 2012-02-17 15:00 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-02-17 12:05 . 2012-02-17 12:05 -------- d-----w- c:\windows\system32\winrm
    2012-02-17 12:03 . 2012-02-17 12:03 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Windows Desktop Search
    2012-02-17 11:55 . 2011-12-17 19:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2012-02-17 11:55 . 2011-12-17 19:42 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2012-02-17 11:55 . 2011-12-17 19:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2012-02-17 11:55 . 2011-12-16 12:22 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
    2012-02-17 11:55 . 2011-12-18 13:42 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2012-02-17 11:55 . 2009-03-08 03:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
    2012-02-17 11:55 . 2009-03-08 03:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
    2012-02-17 11:39 . 2012-02-17 11:39 -------- d-----w- c:\windows\system32\URTTEMP
    2012-02-17 09:34 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2012-02-16 21:56 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-02-16 21:56 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-02-16 21:56 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-02-16 21:56 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-02-16 21:56 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-16 21:56 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-02-16 21:56 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-02-16 21:56 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-02-16 21:56 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-16 21:56 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2012-02-16 21:21 . 2012-02-17 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2012-02-16 21:15 . 2012-02-16 21:51 -------- d-----w- c:\program files\SpywareBlaster
    2012-02-16 15:50 . 2012-02-16 15:50 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-02-16 15:41 . 2012-02-16 15:41 -------- d-----w- c:\program files\Windows Live SkyDrive
    2012-02-03 17:29 . 2012-02-03 17:29 -------- d-----w- c:\program files\Common Files\Windows Live
    2012-02-01 18:42 . 2012-02-01 18:42 -------- d-----w- c:\documents and settings\Eigenaar\jagexcache
    2012-01-30 14:57 . 2012-02-18 11:06 -------- d-----w- c:\documents and settings\HILDE\Mail
    2012-01-28 16:27 . 2012-01-28 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
    2012-01-26 14:30 . 2012-01-26 14:31 -------- d-----w- c:\documents and settings\ALEX.KIDS3\Local Settings\Application Data\AskToolbar
    2012-01-26 13:32 . 2012-01-26 13:32 -------- d-----w- c:\documents and settings\HILDE.KIDS3.001\Local Settings\Application Data\AskToolbar
    2012-01-26 12:10 . 2012-01-26 15:18 -------- d-----w- c:\program files\Ask.com
    2012-01-26 12:10 . 2012-01-26 12:14 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\AskToolbar
    2012-01-26 12:10 . 2012-01-26 12:10 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\APN
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-15 12:04 . 2012-01-15 12:04 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2012-01-12 17:20 . 2003-04-08 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:42 . 2006-06-23 11:29 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:42 . 2003-04-08 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:42 . 2003-04-08 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:23 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-25 21:57 . 2003-04-08 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\KIDS\Menu Start\Programma's\Opstarten\
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\ALEX.KIDS3\Menu Start\Programma's\Opstarten\
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-11-02 06:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
    2011-05-23 11:36 2068480 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-06-23 06:17 136176 ----atw- c:\documents and settings\HILDE.KIDS3.001\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 17:03 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
    2003-06-20 07:06 118784 -c--a-r- c:\windows\system32\ptipbmf.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
    "d:\\Pro Cycling Manager - Seizoen 2010\\PCM.exe"=
    "d:\\Pro Cycling Manager - Seizoen 2010\\Autorun\\Exe\\Autorun.exe"=
    "c:\\Program Files\\Cyanide\\Pro Cycling Manager - Seizoen 2011\\PCM.exe"=
    "c:\\Program Files\\Cyanide\\Pro Cycling Manager - Seizoen 2011\\Autorun\\Exe\\Autorun.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [20/06/2011 8:36 77312]
    R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [18/07/2011 15:30 3332784]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/02/2012 22:56 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/02/2012 22:56 314456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/02/2012 22:56 20568]
    S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
    S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/09/2011 15:19 136176]
    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [20/07/2011 13:06 33536]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/09/2011 15:19 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [17/02/2012 17:03 40776]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/04/2003 13:00 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
    .
    2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 14:19]
    .
    2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 14:19]
    .
    2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1004Core1cce1ea4cde9d1a.job
    - c:\documents and settings\ALEX.KIDS3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 09:21]
    .
    2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1004UA.job
    - c:\documents and settings\ALEX.KIDS3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 09:21]
    .
    2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1005Core.job
    - c:\documents and settings\HILDE.KIDS3.001\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 06:17]
    .
    2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1005UA.job
    - c:\documents and settings\HILDE.KIDS3.001\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 06:17]
    .
    2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1006Core.job
    - c:\documents and settings\KIDS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-23 14:19]
    .
    2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-725345543-522896533-1006UA.job
    - c:\documents and settings\KIDS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-23 14:19]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-19 19:11
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    .
    C:\## aswSnx private storage
    .
    Scan succesvol afgerond
    verborgen bestanden: 1
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'explorer.exe'(1020)
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2012-02-19 19:14:34
    ComboFix-quarantined-files.txt 2012-02-19 18:14
    .
    Pre-Run: 71.158.439.936 bytes beschikbaar
    Post-Run: 71.139.614.720 bytes beschikbaar
    .
    - - End Of File - - 4C8FE9E3E7984F4CF0335065E20353CF
