
Administrator rights taken away.

9 replies
  • Hello, my administrator rights have recently disappeared all of a sudden (and since this is my PC and nobody else uses it, that should not be the case).
    My programs are suddenly gone too, and I have some kind of 'Virus Alert' sitting next to my clock.

    Screenshot:
    Taskbar:
    http://img373.imageshack.us/img373/6876/buildpf8.png
    Administrator rights:
    http://img236.imageshack.us/img236/8540/buildrgu4.png

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:20: VIRUS ALERT!, on 24-7-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    D:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\WebcamMax\wcmmon.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\program files\steam\steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    D:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [a0ec7ff2] rundll32.exe "C:\WINDOWS\system32\nwxdnvwa.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = D:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O21 - SSODL: kvxqmtre - {348B82A6-4F52-47B9-9F5E-EE816BEE173B} - C:\WINDOWS\kvxqmtre.dll (file missing)
    O21 - SSODL: evgratsm - {3DFCA451-4DE7-4DE7-94C2-5CA961632451} - C:\WINDOWS\evgratsm.dll (file missing)
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
  • First update your AVG by right-clicking the icon.
  • I was already working on that in the meantime ;)
  • Hi Renax,

    we'll get this sorted out.

    1) Start HijackThis.
    - Choose "Do a system scan only".
    - Now tick the following items:
      - O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
      - O4 - HKLM\..\Run: [a0ec7ff2] rundll32.exe "C:\WINDOWS\system32\nwxdnvwa.dll",b
      - O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      - O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
      - O21 - SSODL: kvxqmtre - {348B82A6-4F52-47B9-9F5E-EE816BEE173B} - C:\WINDOWS\kvxqmtre.dll (file missing)
      - O21 - SSODL: evgratsm - {3DFCA451-4DE7-4DE7-94C2-5CA961632451} - C:\WINDOWS\evgratsm.dll (file missing)
    - Now close all windows except HijackThis and choose "Fix checked".

    2) Restart your computer.

    3) Download MalwareBytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After installation, make sure the following are ticked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Voltooien" (Finish).
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Instellingen" (Settings) tab.
    - Tick "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
    - Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
    - Then press "Scannen" (Scan) to start the scan.
    - Scanning can take a while, so be patient.
    - When the scan has finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
    - Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove Selected).
    - After removal a log will open; if you are asked to restart your computer, you must allow this.
      This is necessary to be able to remove some infections.
    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program. Post this log in your next reply.

    4) Follow these instructions to download Combofix:
    Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
    If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner,
    switch that scanner off and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe.
    Follow the instructions and accept the disclaimer.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished and after the restart, the log Combofix.txt will open.

    5) May I have the MBAM and Combofix logs from you, together with a new HijackThis log?

    Regards,

    Roelof
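
The items ticked in step 1 follow a few recognisable patterns in the HijackThis line format. The sketch below is an added example, not part of the original post and not HijackThis's own logic: it parses O-section lines and flags the same kinds of entries as candidates for review, not as a verdict. The three rules are assumptions made for illustration, and the sample is constructed from lines of the log above, with the DLL name in the wrapped `[a0ec7ff2]` entry replaced by a placeholder.

```python
import re

# Constructed sample in HijackThis 2.0.2 line format. Lines are taken from the
# log posted above, except that the DLL name in the [a0ec7ff2] entry is a
# placeholder and the entry is deliberately wrapped across two lines, as
# entries pasted into a forum can be.
SAMPLE_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [a0ec7ff2] rundll32.exe "C:\WINDOWS\system32\
PLACEHOLDER.dll",b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: kvxqmtre - {348B82A6-4F52-47B9-9F5E-EE816BEE173B} - C:\WINDOWS\kvxqmtre.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O2x) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (?P<body>.*)$")
# Body of an O4 registry autorun entry: <hive>\..\Run: [value name] command
RUN_RE = re.compile(r"^.+?\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def unfold(log_text):
    """Return (code, body) pairs, joining wrapped lines onto their entry."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group("code"), match.group("body")])
        elif entries:
            # Not a new entry: treat it as the continuation of the previous one.
            entries[-1][1] += line
    return [(code, body) for code, body in entries]


def classify(code, body):
    """Return a reason string if the entry deserves a closer look, else None."""
    # Rule 1 (assumption): a toolbar, BHO or SSODL registration whose file is gone.
    if code in ("O2", "O3", "O21") and body.endswith("(file missing)"):
        return "registered component points at a missing file"
    # Rule 2 (assumption): policy restrictions; O7 DisableRegedit=1 blocks regedit.
    # These can also be set deliberately by an administrator.
    if code in ("O6", "O7"):
        return "policy restriction set in the registry"
    # Rule 3 (assumption): autorun value named like an 8-digit hex string that
    # loads a DLL through rundll32. Named vendor entries such as NvCplDaemon
    # also use rundll32 and are not flagged.
    if code == "O4":
        match = RUN_RE.match(body)
        if (match and HEX_NAME_RE.match(match.group("name"))
                and match.group("cmd").lower().lstrip('"').startswith("rundll32")):
            return "Run value with a hex-string name that loads a DLL via rundll32"
    return None


def triage(log_text):
    """Return (code, reason, body) for every entry that matches a rule."""
    findings = []
    for code, body in unfold(log_text):
        reason = classify(code, body)
        if reason:
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```
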
  • roelof2 wrote:
    > Hi Renax,
    >
    > we'll get this sorted out.
    >
    > 1) Start HijackThis.
    > - Choose "Do a system scan only".
    > - Now tick the following items:
    >   - O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll (file missing)
    >   - O4 - HKLM\..\Run: [a0ec7ff2] rundll32.exe "C:\WINDOWS\system32\nwxdnvwa.dll",b
    >   - O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    >   - O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    >   - O21 - SSODL: kvxqmtre - {348B82A6-4F52-47B9-9F5E-EE816BEE173B} - C:\WINDOWS\kvxqmtre.dll (file missing)
    >   - O21 - SSODL: evgratsm - {3DFCA451-4DE7-4DE7-94C2-5CA961632451} - C:\WINDOWS\evgratsm.dll (file missing)
    > - Now close all windows except HijackThis and choose "Fix checked".

    When I clicked Fix Checked, this came up: Registry editing has been disabled by your administrator.
    (I'm going to do the rest now, so don't worry.)
  • Logs:

    Anti Malware:
    [code:1:a996fa5515]
    Malwarebytes' Anti-Malware 1.23
    Database versie: 986
    Windows 5.1.2600 Service Pack 2

    19:28:46 24-7-2008
    mbam-log-7-24-2008 (19-28-46).txt

    Scan type: Snelle Scan
    Objecten gescand: 50740
    Verstreken tijd: 7 minute(s), 32 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 2
    Registersleutels geïnfecteerd: 17
    Registerwaarden geïnfecteerd: 1
    Registerdata bestanden geïnfecteerd: 18
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 25

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\efcYOfDu.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\pmnKaxyA.dll (Trojan.Vundo) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00b8e09b-5cd6-4462-8e09-11d58a269337} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00b8e09b-5cd6-4462-8e09-11d58a269337} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74c3d78a-a8bf-445d-8d8c-015b1e7e09dc} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{74c3d78a-a8bf-445d-8d8c-015b1e7e09dc} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{6230596f-3a44-4cdf-815b-372fa03c75d6} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6230596f-3a44-4cdf-815b-372fa03c75d6} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnkaxya (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6230596f-3a44-4cdf-815b-372fa03c75d6} (Trojan.Vundo) -> Delete on reboot.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcyofdu -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcyofdu -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-640-8365391-23401) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (H:mm:ss) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\edfmjy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcYOfDu.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\uDfOYcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uDfOYcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nqeekkxt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\txkkeeqn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnKaxyA.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\jooopykd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gnrjucvv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqPhEur.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXPJCTL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ynarqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\woirah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ngcyyeqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnnNFYQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Local Settings\Temporary Internet Files\Content.IE5\6MVQDULI\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Local Settings\Temporary Internet Files\Content.IE5\RDJMIYPR\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Application Data\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jaeden\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    [/code:1:a996fa5515]

    Combofix (Yes, I did not install the recovery console, since I could not run the installation 'readme'; beyond that, don't ask.)

    ComboFix 08-07-23.5 - Jaeden 2008-07-24 19:39:34.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1510 [GMT 2:00]
    Running from: C:\Documents and Settings\Jaeden\Desktop\ComboFix.exe
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\awvndxwn.ini
    C:\WINDOWS\system32\btfunc.dll
    C:\WINDOWS\system32\dmdjbthp.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\tmp37.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
    .

    2008-07-04 17:17 . 2008-07-04 17:17 <DIR> d——– C:\Program Files\AC3Filter
    2008-07-04 17:17 . 2003-08-19 09:20 180,224 –a—— C:\WINDOWS\system32\ac3filter.cpl
    2008-07-02 14:36 . 2008-07-02 14:36 <DIR> d——– C:\Documents and Settings\Jaeden\Application Data\Propellerhead Software
    2008-07-02 13:09 . 2008-07-02 13:09 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
    2008-07-02 11:09 . 2008-07-02 11:09 <DIR> d——– C:\Program Files\Common Files\Control Panels
    2008-07-02 11:04 . 2008-07-02 11:04 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\ALM
    2008-07-02 10:35 . 2008-07-02 20:21 23 –a—— C:\WINDOWS\BlendSettings.ini
    2008-07-02 10:34 . 2008-07-02 10:34 <DIR> d——– C:\Program Files\QuickTime
    2008-07-02 10:22 . 2007-02-20 16:04 2,463,976 –a—— C:\WINDOWS\system32\NPSWF32.dll
    2008-07-02 10:22 . 2007-02-20 16:04 190,696 –a—— C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-07-02 10:05 . 2008-07-02 10:05 <DIR> d——– C:\Program Files\Bonjour
    2008-07-02 01:30 . 2008-07-02 01:30 <DIR> d–h—– C:\Program Files\InstallJammer Registry
    2008-07-02 01:30 . 2008-07-02 01:30 <DIR> d——– C:\Program Files\Bloody Bastard
    2008-07-01 00:24 . 2008-07-23 23:23 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
    2008-06-27 13:13 . 2008-06-27 13:13 <DIR> d——– C:\Program Files\AKVIS
    2008-06-27 09:43 . 2008-06-27 09:43 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\Webcammax
    2008-06-27 09:42 . 2008-06-27 09:44 <DIR> d——– C:\Program Files\WebcamMax
    2008-06-26 22:46 . 2004-08-03 23:08 26,496 –a–c— C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-06-26 19:22 . 2002-01-05 15:37 344,064 –a—— C:\WINDOWS\system32\msvcr70.dll
    2008-06-26 09:08 . 2008-06-26 09:08 <DIR> d——– C:\Documents and Settings\All Users
    2008-06-25 19:27 . 2008-06-25 19:28 <DIR> d——– C:\Documents and Settings\Jaeden\Application Data\Webcammax
    2008-06-25 19:27 . 2008-07-07 17:46 197 –ahs—- C:\Program Files\Common Files\maxtreme.dat
    2008-06-25 08:17 . 2008-06-25 08:17 <DIR> d——– C:\Program Files\Ventrilo
    2008-06-25 08:17 . 2008-06-25 08:18 <DIR> d——– C:\Documents and Settings\Jaeden\Application Data\Ventrilo

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-24 17:33 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-07-23 07:46 --------- d-----w C:\Program Files\Xfire
    2008-07-22 23:29 997,486 ----a-w C:\Program Files\Ascent DB Editor.rar
    2008-07-22 19:36 --------- d-----w C:\Documents and Settings\Jaeden\Application Data\uTorrent
    2008-07-21 14:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-20 11:17 --------- d-----w C:\Documents and Settings\Jaeden\Application Data\LimeWire
    2008-07-06 15:22 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-07-05 12:55 --------- d-----w C:\Program Files\MSN Messenger
    2008-07-05 12:55 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-07-05 12:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-07-02 09:09 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-06-30 22:26 --------- d-----w C:\Program Files\Google
    2008-06-26 17:22 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
    2008-06-22 19:58 --------- d-----w C:\Program Files\Hyves Kwekker
    2008-06-22 18:52 --------- d-----w C:\Program Files\Java
    2008-06-22 15:36 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-06-22 13:40 --------- d-----w C:\Program Files\CAPCOM
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 16:00 --------- d-----w C:\Program Files\RAR Password Cracker
    2008-06-20 13:22 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-06-20 13:22 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-06-20 13:22 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-06-20 13:08 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-06-20 12:44 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-20 12:44 --------- d-----w C:\Documents and Settings\Jaeden\Application Data\DAEMON Tools
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 19:32 --------- d-----w C:\Documents and Settings\Jaeden\Application Data\TeamViewer
    2008-06-19 07:04 --------- d-----w C:\Program Files\Image-Line
    2008-06-19 06:31 --------- d-----w C:\Program Files\uTorrent
    2008-06-18 16:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
    2008-06-18 16:23 --------- d-----w C:\Program Files\Common Files\Steinberg
    2008-06-18 16:23 --------- d-----w C:\Documents and Settings\Jaeden\Application Data\Steinberg
    2008-06-18 13:07 --------- d-----w C:\Program Files\Native Instruments
    2008-06-18 12:53 --------- d-----w C:\Program Files\Outsim
    2008-06-17 05:51 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles
    2008-06-16 19:56 --------- d-----w C:\Program Files\Yahoo!
    2008-06-16 19:52 --------- d-----w C:\Program Files\My Company Name
    2008-06-16 19:50 --------- d-----w C:\Program Files\ASUS
    2008-06-16 19:47 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-06-16 19:03 --------- d-----w C:\Program Files\VIA
    2008-06-16 19:02 --------- d-----w C:\Program Files\Realtek
    2008-06-16 17:27 994,304 ----a-w C:\WINDOWS\system32\msgina.dll
    2008-06-16 17:26 99,840 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    2008-06-16 17:25 98,304 ----a-w C:\WINDOWS\system32\cscript.exe
    2008-06-16 12:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-14 17:01 --------- d-----w C:\Program Files\Windows Live
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-12 06:28 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
    2008-05-28 18:42 --------- d-----w C:\Program Files\Common Files\Skype
    2008-05-28 14:17 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
    2008-05-26 09:53 --------- d-----w C:\Program Files\Common Files\Stardock
    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    .
    ----a-w 132,496 2008-01-12 09:21:55 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 5,674,352 2008-01-12 09:22:39 C:\Program Files\MSN Messenger\MsnMsgr .Exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-06-16 19:25 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "Steam"="d:\program files\steam\steam.exe" [2008-06-17 15:31 1271032]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 08:48 68856]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "WebcamMaxMoniter"="C:\Program Files\WebcamMax\wcmmon.exe" [2008-02-09 06:58 456024]
    "Acrobat Assistant 8.0"="D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
    "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
    "System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41 118485]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-24 00:42 1232152]
    "SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 03:58 16264192 C:\WINDOWS\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-06-16 19:25 15360]

    C:\Documents and Settings\Jaeden\Start Menu\Programs\Startup\
    Mopy Points Collector.lnk - C:\MOPYFISH\GETPOINT.EXE [2008-07-07 00:45:02 39612]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    BlueSoleil.lnk - D:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe [2006-07-16 17:33:36 626176]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "msacm.fraunhoferacm"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamerOSD]
    --a------ 2007-02-14 09:42 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "D:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "D:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-24 00:42]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-24 00:42]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-24 00:42]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-24 00:42]
    R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2008-03-11 15:14]
    R3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 16:04]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
    S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: Append to existing PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convert link target to Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 -: Convert link target to existing PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convert selected links to Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 -: Convert selected links to existing PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 -: Convert selection to Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 -: Convert selection to existing PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convert to Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab
    C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
    C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-24 19:42:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-24 19:45:23
    ComboFix-quarantined-files.txt 2008-07-24 17:45:10

    Pre-Run: 19,229,143,040 bytes free
    Post-Run: 19,746,680,832 bytes free

    286 --- E O F --- 2008-07-08 23:48:46



    And a new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:48:26, on 24-7-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    D:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\WebcamMax\wcmmon.exe
    D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = D:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
    O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


    End of file - 9588 bytes
  • Hi,

    Everything looks clean again.
    How are your problems now?

    Roelof
  • No more trouble with anything + my PC is just a bit faster than before.
    Thanks a lot!

    And from now on Sunday evening will be my virus/spyware/malware scan evening :oops:
  • Good,

    Finally, I can offer you these tips.

    Maybe they will be of some use to you.

    Roelof


This is an archived page. Replying is no longer possible.