trojan.vundo

14 answers
  • Hi,

    I have been having trouble with a trojan.vundo for a few days now. My antivirus program has its "auto-protect" component disabled, and when I go online, a web address often opens automatically with the message that I have a virus and that I have to download data. I have had to reinstall the Media Player, etc. etc.
    So I am urgently looking for help.
    Among other things, I have run the program VundoFix. The log file is below:

    VundoFix V7.0.6

    Scan started at 20:21:27 14-6-2009

    Listing files found while scanning….

    C:\Windows\system32\ktddlxis.ini
    C:\Windows\system32\sixlddtk.dll
    C:\Windows\system32\tlknuycf.dll

    Beginning removal…

    Attempting to delete C:\Windows\system32\ktddlxis.ini
    C:\Windows\system32\ktddlxis.ini Has been deleted!

    Attempting to delete C:\Windows\system32\sixlddtk.dll
    C:\Windows\system32\sixlddtk.dll Has been deleted!

    Attempting to delete C:\Windows\system32\tlknuycf.dll
    C:\Windows\system32\tlknuycf.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V7.0.6

    Scan started at 20:51:36 14-6-2009

    Listing files found while scanning….

    C:\Windows\system32\tlknuycf.dll

    Beginning removal…

    Attempting to delete C:\Windows\system32\tlknuycf.dll
    C:\Windows\system32\tlknuycf.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal…

    Attempting to delete C:\Windows\system32\tlknuycf.dll
    C:\Windows\system32\tlknuycf.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V7.0.6

    Scan started at 21:52:15 14-6-2009

    Listing files found while scanning….

    C:\Windows\system32\tlknuycf.dll

    Beginning removal…

    Attempting to delete C:\Windows\system32\tlknuycf.dll
    C:\Windows\system32\tlknuycf.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal…

    Attempting to delete C:\Windows\system32\tlknuycf.dll
    C:\Windows\system32\tlknuycf.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    After that I carried out steps 1 through 4 of the Hijackthislog step-by-step plan.
    Result:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:31:30, on 15-6-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\PackethSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Toepassingen\I-pod\I-tunes\iTunesHelper.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\@home\bin\tgcmd.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ziggo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {045FBE85-378D-498A-ACDD-8A80A92ECA41} - C:\WINDOWS\system32\tlknuycf.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9DB64C21-2793-48A6-B598-0A6E3190AB97} - C:\WINDOWS\system32\efcccyx.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E0D8DDB0-9120-4C53-B468-2C8E17E2E000} - c:\windows\system32\kwzyuef.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [ccApp] -
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Toepassingen\I-pod\I-tunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hcenter] "C:\Program Files\@home\bin\tgcmd.exe" /server /startmonitor
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www8.agame.com/games/shockwave/m/My3DRoom/My3DRoom_girlsgogames_nl.htm"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: santa.bat
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183487790968
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} (Cebra Virtuocity Client) - http://www.virtuocity.eu/download/v223/virtuocity.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D5F5F4B-C6A1-4B9E-9DD8-7E8D580514C6}: NameServer = 192.168.1.1,192.168.1.49
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll (file missing)
    O20 - Winlogon Notify: efcccyx - efcccyx.dll (file missing)
    O20 - Winlogon Notify: gbfebeuj - C:\WINDOWS\SYSTEM32\kwzyuef.dll
    O20 - Winlogon Notify: winnkw32 - winnkw32.dll (file missing)
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common\Database\bin\fbserver.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 13862 bytes

    I also ran the MalwareBytes Anti-malware program; this is the result:
    Malwarebytes' Anti-Malware 1.37
    Database versie: 2282
    Windows 5.1.2600 Service Pack 3

    15-6-2009 14:47:14
    mbam-log-2009-06-15 (14-47-14).txt

    Scan type: Snelle Scan
    Objecten gescand: 101566
    Verstreken tijd: 5 minute(s), 7 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 1
    Registersleutels geïnfecteerd: 26
    Registerwaarden geïnfecteerd: 1
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 86

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\tlknuycf.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9db64c21-2793-48a6-b598-0a6e3190ab97} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcccyx (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9db64c21-2793-48a6-b598-0a6e3190ab97} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{045fbe85-378d-498a-acdd-8a80a92eca41} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{045fbe85-378d-498a-acdd-8a80a92eca41} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{045fbe85-378d-498a-acdd-8a80a92eca41} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winnkw32 (Dialer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PSRV (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:

    I am no expert in these matters and am urgently looking for help!
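
Added example (not part of the original post, and not code from HijackThis or any tool named in it): a small Python triage pass over O-section lines of a HijackThis log such as the one above, cross-referenced with file names a removal tool reported. The three heuristics and all function names are assumptions chosen for illustration; a flagged entry is a candidate for manual review, not a verdict.

```python
import re
from ntpath import basename

# Excerpt of the HijackThis log posted above (lines copied from the page).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {045FBE85-378D-498A-ACDD-8A80A92ECA41} - C:\WINDOWS\system32\tlknuycf.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {9DB64C21-2793-48A6-B598-0A6E3190AB97} - C:\WINDOWS\system32\efcccyx.dll (file missing)
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gbfebeuj - C:\WINDOWS\SYSTEM32\kwzyuef.dll
O20 - Winlogon Notify: winnkw32 - winnkw32.dll (file missing)
"""

# File names VundoFix listed in the post above.
DETECTED = {"tlknuycf.dll", "sixlddtk.dll"}

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
MISSING = "(file missing)"
SYSTEM32 = "c:\\windows\\system32\\"


def parse_entry(line):
    """Split one log line into section, body, target path and missing flag."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list, R-lines, blank lines
    section, body = m.groups()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    # O2/O3/O9/O20 entries end in " - <path>"; O4 Run lines do not.
    path = body.rsplit(" - ", 1)[-1] if " - " in body else ""
    return {"section": section, "body": body, "path": path, "missing": missing}


def reasons_for(entry, detected):
    """Return the (assumed) heuristics that an entry matches."""
    path = entry["path"].lower()
    in_system32 = path.startswith(SYSTEM32)
    reasons = []
    if entry["missing"]:
        # Registry still points at a DLL that is gone: leftover registration.
        reasons.append("orphaned registration (file missing)")
    if entry["section"] == "O2" and "(no name)" in entry["body"] and in_system32:
        reasons.append("nameless BHO loading from system32")
    if entry["section"] == "O20" and path and (in_system32 or "\\" not in path):
        # A bare file name is resolved through the system search path.
        reasons.append("Winlogon Notify DLL resolved from system32")
    if path and basename(path) in detected:
        reasons.append("file also reported by a removal tool")
    return reasons


def triage(log_text, detected_names=()):
    """Return (section, path, reasons) for every entry that needs review."""
    detected = {n.lower() for n in detected_names}
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry, detected)
        if reasons:
            findings.append((entry["section"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG, DETECTED):
        print(f"{section:<4}{path}")
        for reason in reasons:
            print(f"      - {reason}")
```
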
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O2 - BHO: (no name) - {045FBE85-378D-498A-ACDD-8A80A92ECA41} - C:\WINDOWS\system32\tlknuycf.dll
    O2 - BHO: (no name) - {9DB64C21-2793-48A6-B598-0A6E3190AB97} - C:\WINDOWS\system32\efcccyx.dll (file missing)
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O4 - Startup: santa.bat
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll (file missing)
    O20 - Winlogon Notify: efcccyx - efcccyx.dll (file missing)
    O20 - Winlogon Notify: gbfebeuj - C:\WINDOWS\SYSTEM32\kwzyuef.dll
    O20 - Winlogon Notify: winnkw32 - winnkw32.dll (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe


    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    Now go to Start -> Run
    Type this command here: sc stop "Boonty Games" and press OK.
    Repeat this with this command: sc delete "Boonty Games".



    OTMoveIt

    * Download http://oldtimer.geekstogo.com/OTM.exe (by OldTimer) to your Desktop.
    * Double-click OTMoveIt3.exe to start the tool.
    * Copy (select and press Ctrl-C) all of the bold text below:

    :Processes
    explorer.exe


    :Services

    :Reg

    :Files
    C:\WINDOWS\system32\tlknuycf.dll
    C:\WINDOWS\system32\efcccyx.dll
    C:\windows\system32\kwzyuef.dll
    C:\Program Files\GamesBar\oberontb.dll
    C:\WINDOWS\system32\awvtq.dll
    C:\WINDOWS\SYSTEM32\kwzyuef.dll
    C:\WINDOWS\SYSTEM32\winnkw32.dll
    C:\WINDOWS\SYSTEM32\efcccyx.dll

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

    [/b:3fe427d8ab]
    * Plak de gekopiëerde tekst (druk Ctrl-V) in het [b:3fe427d8ab]"Paste List of Files/Folders to be moved"[/b:3fe427d8ab] venster
    * Klik op de rode [b:3fe427d8ab]MoveIt![/b:3fe427d8ab][/color:3fe427d8ab] knop
    * [b:3fe427d8ab]Kopiëer en plak de inhoud van het rechter resultaat-venster in je volgende antwoord,[/b:3fe427d8ab]
    (of het logje dat je terugvindt als [b:3fe427d8ab]C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log).[/b:3fe427d8ab]
    * Sluit [b:3fe427d8ab]OTMoveIt3[/b:3fe427d8ab]
    Indien een bestand of map niet onmiddellijk kan verplaatst worden,
    kun je gevraagd worden om de PC te herstarten teneinde het verplaatsen te beeïndigen.
    Klik dan op [b:3fe427d8ab]Ja/Yes.[/b:3fe427d8ab]





    Download Combofix to your Desktop and use it according to this guide.
    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners treat certain components that Combofix uses as suspicious and will block or remove them!
    * Double-click Combofix.exe to start it.
    * If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    * Click OK in the small "NirCmd" window.
    * Afterwards, click Yes again to start the malware scan.
    * While the fix is running, do NOT click in the window, because this will make your PC hang.
    * When the fix has finished and after the restart, the log Combofix.txt will open.
    Post this log in your next reply.
  • Hi, in the HijackThis program I did not find some of the items.
    These are:

    O2 - BHO: (no name) - {9DB64C21-2793-48A6-B598-0A6E3190AB97} - C:\WINDOWS\system32\efcccyx.dll (file missing)
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O20 - Winlogon Notify: efcccyx - efcccyx.dll (file missing)
    O20 - Winlogon Notify: winnkw32 - winnkw32.dll (file missing)

    I removed the rest with 'Fix checked'.

    I assume this has consequences for the rest of my actions.
    Can you tell me what I should do?
    Thanks in advance!
  • Do the 2nd step and then post a HijackThis log.
    Do not start the 3rd step yet.
  • Here is the log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:05:15, on 15-6-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\PackethSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Toepassingen\I-pod\I-tunes\iTunesHelper.exe
    C:\Program Files\@home\bin\tgcmd.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    c:\program files\common files\mozilla shared\firefox.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ziggo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {045FBE85-378D-498A-ACDD-8A80A92ECA41} - C:\WINDOWS\system32\tlknuycf.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E0D8DDB0-9120-4C53-B468-2C8E17E2E000} - c:\windows\system32\kwzyuef.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [ccApp] -
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Toepassingen\I-pod\I-tunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hcenter] "C:\Program Files\@home\bin\tgcmd.exe" /server /startmonitor
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www8.agame.com/games/shockwave/m/My3DRoom/My3DRoom_girlsgogames_nl.htm"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183487790968
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} (Cebra Virtuocity Client) - http://www.virtuocity.eu/download/v223/virtuocity.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D5F5F4B-C6A1-4B9E-9DD8-7E8D580514C6}: NameServer = 192.168.1.1,192.168.1.49
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: gbfebeuj - C:\WINDOWS\SYSTEM32\kwzyuef.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common\Database\bin\fbserver.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 13045 bytes
  • Start HijackThis and choose 'do a system scan only'
    Select only the items listed below:

    O2 - BHO: (no name) - {045FBE85-378D-498A-ACDD-8A80A92ECA41} - C:\WINDOWS\system32\tlknuycf.dll
    O2 - BHO: (no name) - {E0D8DDB0-9120-4C53-B468-2C8E17E2E000} - c:\windows\system32\kwzyuef.dll

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.



    Download Combofix to your Desktop and use it according to this guide.
    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners treat certain components that Combofix uses as suspicious and will block or remove them!
    * Double-click Combofix.exe to start it.
    * If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    * Click OK in the small "NirCmd" window.
    * Afterwards, click Yes again to start the malware scan.
    * While the fix is running, do NOT click in the window, because this will make your PC hang.
    * When the fix has finished and after the restart, the log Combofix.txt will open.
    Post this log in your next reply.
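
The selection step in the reply above, as an added triage sketch in Python (not part of the thread and not HijackThis code): it parses the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis log and flags the patterns picked out in this thread. The three heuristics and all function names are assumptions made for this example; the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis logs in this thread (not a full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {045FBE85-378D-498A-ACDD-8A80A92ECA41} - C:\WINDOWS\system32\tlknuycf.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E0D8DDB0-9120-4C53-B468-2C8E17E2E000} - c:\windows\system32\kwzyuef.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gbfebeuj - C:\WINDOWS\SYSTEM32\kwzyuef.dll
O20 - Winlogon Notify: efcccyx - efcccyx.dll (file missing)
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# The BHO name may itself contain " - ", so the CLSID anchors the split.
BHO_RE = re.compile(
    r"^(?P<section>O2) - BHO: (?P<name>.*) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(
    r"^(?P<section>O20) - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$"
)
MISSING = " (file missing)"


class Entry(NamedTuple):
    section: str          # "O2" or "O20"
    name: str             # BHO name or Winlogon Notify key name
    clsid: Optional[str]  # only present on O2 lines
    path: str             # target DLL, without the "(file missing)" suffix
    missing: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O20 line; return None for every other line type."""
    text = line.strip()
    m = BHO_RE.match(text) or NOTIFY_RE.match(text)
    if m is None:
        return None
    path = m.group("path")
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    return Entry(m.group("section"), m.group("name"),
                 m.groupdict().get("clsid"), path, missing)


def in_system32(path: str) -> bool:
    """True when the file sits directly in <windir>\\system32."""
    return ntpath.dirname(path).lower().endswith("\\windows\\system32")


def reasons(entry: Entry) -> List[str]:
    """Heuristics assumed for this example; hits need manual review."""
    out = []
    if entry.missing:
        out.append("registration points at a file that no longer exists")
    if entry.section == "O2" and entry.name == "(no name)" and in_system32(entry.path):
        out.append("nameless BHO loading a DLL from system32")
    if entry.section == "O20" and in_system32(entry.path):
        out.append("Winlogon Notify DLL in system32")
    return out


def flagged(log: str) -> List[Tuple[str, str, List[str]]]:
    """Return (section, dll file name, reasons) for every flagged entry."""
    hits = []
    for line in log.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            hits.append((entry.section, ntpath.basename(entry.path).lower(), why))
    return hits


if __name__ == "__main__":
    for section, dll, why in flagged(SAMPLE_LOG):
        print(f"{section:<4}{dll:<14}{'; '.join(why)}")
```

A hit is only a prompt to look at the entry; legitimate software also registers BHOs and notify packages, which is why the vendor-named entries under Program Files pass through unflagged here.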
  • Here is the ComboFix log file. In the meantime I have had a lot of problems with my internet connection. For the past week I have also been unable to run System Restore or go back to an earlier restore point; I assume this is also related to this problem. Can this be repaired as well?



    ComboFix 09-06-14.02 - Yolanda en Huub 15-06-2009 18:59.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.659 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Yolanda en Huub\Bureaublad\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\NetworkService\Application Data\vparumlc
    c:\documents and settings\NetworkService\Local Settings\Application Data\vparumlc
    c:\documents and settings\Yolanda en Huub\Application Data\vparumlc
    c:\documents and settings\Yolanda en Huub\Local Settings\Application Data\vparumlc
    c:\windows\system32\drivers\cjjcexsd.sys
    c:\windows\system32\drivers\nonjbitz.sys
    c:\windows\system32\drivers\SKYNETkyxyvdkm.sys
    c:\windows\system32\gjbvfop.dll
    c:\windows\system32\kwzyuef.dll
    c:\windows\system32\SKYNETargpvjky.dat
    c:\windows\system32\SKYNETberfdpws.dat
    c:\windows\system32\SKYNETwqqobwuo.dll
    c:\windows\system32\SKYNETxfvqpqjw.dll
    c:\windows\system32\tlknuycf.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SKYNETvmexroxm
    -------\Legacy_BOONTY_GAMES
    -------\Legacy_NONJBITZ
    -------\Legacy_NTMLSVC
    -------\Legacy_ZUHVALPP
    -------\Service_Boonty Games
    -------\Service_nonjbitz
    -------\Service_NtmlSvc
    -------\Service_zuhvalpp


    (((((((((((((((((((( Bestanden Gemaakt van 2009-05-15 to 2009-06-15 ))))))))))))))))))))))))))))))
    .

    2009-06-15 14:30 . 2009-06-15 14:30 -------- d-----w- c:\windows\Mozilla
    2009-06-15 12:39 . 2009-06-15 12:39 -------- d-----w- c:\documents and settings\Yolanda en Huub\Application Data\Malwarebytes
    2009-06-15 12:39 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-15 12:39 . 2009-06-15 12:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-15 12:39 . 2009-06-15 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-15 12:39 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-15 12:31 . 2009-06-15 12:31 -------- d-----w- c:\program files\Trend Micro
    2009-06-14 20:21 . 2009-06-14 20:21 24576 ----a-w- c:\windows\system32\VundoFixSVC.exe
    2009-06-14 18:21 . 2009-06-14 20:21 -------- d-----w- C:\VundoFix Backups
    2009-06-14 15:40 . 2009-06-14 15:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-06-14 15:02 . 2009-06-14 15:02 -------- d-----w- c:\program files\Windows Sidebar
    2009-06-13 19:32 . 2009-06-13 19:33 -------- d-----w- C:\7048bcc164b9504858
    2009-06-12 21:38 . 2009-06-13 21:10 117760 ----a-w- c:\documents and settings\Yolanda en Huub\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-12 21:36 . 2009-06-12 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-12 21:36 . 2009-06-12 21:36 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-12 21:36 . 2009-06-12 21:36 -------- d-----w- c:\documents and settings\Yolanda en Huub\Application Data\SUPERAntiSpyware.com
    2009-06-12 21:36 . 2009-06-12 21:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-11 19:56 . 2009-06-11 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-06-11 19:56 . 2009-06-11 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-06-10 15:00 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-10 15:00 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-06 21:08 . 2009-06-06 21:19 -------- d-----w- c:\documents and settings\Yolanda en Huub\Application Data\Uniblue
    2009-06-06 21:08 . 2009-06-06 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
    2009-06-06 20:32 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-06-06 20:32 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-06-06 20:32 . 2009-06-06 20:32 -------- d-----w- c:\program files\iPod
    2009-06-06 20:32 . 2009-06-06 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-06 20:32 . 2009-06-06 20:32 -------- d-----w- c:\program files\Bonjour
    2009-06-06 20:31 . 2009-06-06 20:31 -------- d-----w- c:\program files\QuickTime
    2009-06-06 20:30 . 2009-06-06 20:30 -------- d-----w- c:\program files\Apple Software Update
    2009-06-06 20:28 . 2009-05-29 11:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-06-06 20:28 . 2009-05-29 11:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-05 15:58 . 2009-06-05 15:58 10134 ----a-r- c:\documents and settings\Yolanda en Huub\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-06-05 15:58 . 2009-06-05 15:58 -------- d-----w- c:\program files\Microsoft WSE
    2009-06-05 15:57 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2009-06-05 15:57 . 2009-06-05 15:57 -------- d-----w- c:\windows\Logs
    2009-06-05 15:39 . 2009-06-05 15:39 167174 ----a-w- c:\windows\tst.exe
    2009-06-05 15:36 . 2009-06-05 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-06-05 15:30 . 2009-06-05 15:30 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-06-05 15:30 . 2009-06-05 15:39 -------- d-----w- c:\documents and settings\Yolanda en Huub\Application Data\DAEMON Tools Lite
    2009-06-05 15:18 . 2009-06-05 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\B3A9
    2009-06-04 14:34 . 2009-06-04 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\2E3E
    2009-06-02 19:37 . 2009-06-02 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\F1F4
    2009-05-30 10:50 . 2009-05-30 10:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-05-24 11:00 . 2009-05-24 11:00 152576 ----a-w- c:\documents and settings\Yolanda en Huub\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-05-24 09:15 . 2009-05-24 09:15 ——– d—–w- c:\documents and settings\All Users\Application Data\DB6
    2009-05-23 12:30 . 2009-03-09 03:19 410984 —-a-w- c:\windows\system32\deploytk.dll
    2009-05-23 12:30 . 2009-05-23 12:30 152576 —-a-w- c:\documents and settings\Yolanda en Huub\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
    2009-05-18 11:58 . 2009-05-18 11:58 ——– d-sh–w- c:\documents and settings\Yolanda en Huub\IECompatCache
    2009-05-18 11:54 . 2009-05-18 11:54 ——– d—–w- c:\documents and settings\All Users\Application Data\37251

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-15 16:33 . 2007-04-10 14:54 ——– d—–w- c:\program files\Symantec AntiVirus
    2009-06-14 15:18 . 2009-01-19 13:52 ——– d—–w- c:\program files\Common Files\Nero
    2009-06-14 15:04 . 2006-10-30 11:11 ——– d—–w- c:\program files\Nero
    2009-06-14 14:49 . 2009-01-19 13:52 ——– d—–w- c:\documents and settings\All Users\Application Data\Nero
    2009-06-13 19:33 . 2006-09-28 10:01 ——– d—–w- c:\program files\Windows Media Connect 2
    2009-06-13 19:03 . 2007-07-06 18:56 ——– d—–w- c:\program files\AVG Anti-Spyware 7.5(Ewido)
    2009-06-13 18:59 . 2006-10-30 09:48 ——– d–h–w- c:\program files\InstallShield Installation Information
    2009-06-10 15:37 . 2006-10-30 11:57 ——– d—–w- c:\program files\Microsoft Works
    2009-06-08 13:13 . 2007-03-16 16:44 ——– d—a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-06-08 12:58 . 2007-03-27 18:33 ——– d—–w- c:\program files\Gamenext
    2009-06-08 12:29 . 2006-12-11 14:11 ——– d—–w- c:\program files\Hitman Pro
    2009-06-06 20:37 . 2008-04-23 12:22 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\Apple Computer
    2009-06-06 20:32 . 2008-04-23 12:19 ——– d—–w- c:\program files\Common Files\Apple
    2009-06-06 20:31 . 2006-10-30 14:28 ——– d—–w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-06-06 20:26 . 2006-12-11 14:10 ——– d—–w- c:\program files\Toepassingen
    2009-06-06 18:16 . 2007-03-16 15:51 ——– d—–w- c:\program files\Spellen
    2009-06-02 20:00 . 2009-01-19 21:11 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\Azureus
    2009-05-24 11:01 . 2006-10-30 10:32 ——– d—–w- c:\program files\Java
    2009-05-23 13:24 . 2009-05-23 12:38 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\LimeWire
    2009-05-13 05:06 . 2006-04-10 12:00 915456 —-a-w- c:\windows\system32\wininet.dll
    2009-05-08 13:58 . 2009-05-08 13:58 ——– d—–w- c:\documents and settings\All Users\Application Data\37F
    2009-05-07 15:34 . 2006-04-10 12:00 347136 —-a-w- c:\windows\system32\localspl.dll
    2009-05-06 16:36 . 2009-05-06 16:36 ——– d—–w- c:\program files\SystemRequirementsLab
    2009-04-27 15:00 . 2009-04-27 15:00 ——– d—–w- c:\documents and settings\All Users\Application Data\1B37F
    2009-04-27 14:59 . 2009-04-27 14:59 ——– d—–w- c:\program files\BearShare Applications
    2009-04-27 14:58 . 2007-03-16 17:23 ——– d—–w- c:\program files\BearShare
    2009-04-23 18:59 . 2006-04-10 12:00 89264 —-a-w- c:\windows\system32\perfc013.dat
    2009-04-23 18:59 . 2006-04-10 12:00 505762 —-a-w- c:\windows\system32\perfh013.dat
    2009-04-19 19:51 . 2006-04-10 12:00 1847296 —-a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:55 . 2006-04-10 12:00 585216 —-a-w- c:\windows\system32\rpcrt4.dll
    2009-03-27 06:14 . 2006-10-30 09:56 453152 —-a-w- c:\windows\system32\NVUNINST.EXE
    2009-03-19 14:32 . 2009-03-19 14:32 23400 —-a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2007-06-29 20:49 . 2007-06-29 20:49 774144 —-a-w- c:\program files\RngInterstitial.dll
    2006-10-30 11:23 . 2006-10-30 11:23 8 –sh–r- c:\windows\system32\6B8972DCC0.sys
    2006-10-30 11:23 . 2006-10-30 11:23 4704 –sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-01-27 251264]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="-" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\Toepassingen\I-pod\I-tunes\iTunesHelper.exe" [2009-05-30 292136]
    "hcenter"="c:\program files\@home\bin\tgcmd.exe" [2005-02-05 1757184]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-10-09 16236032]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 10:05 356352 —-a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\NetMeeting\\Conf.exe"=
    "c:\\Program Files\\Toepassingen\\Incredimail\\IncrediMail\\incredimail_install 190307.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\@Home\\Tools\\netdiag.exe"=
    "c:\\Program Files\\@home\\bin\\tgcmd.exe"=
    "c:\\Program Files\\Toepassingen\\Incredimail\\magentic_install.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\CompuServe 6.0\\cs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\PhotoJoy\\Bin\\PjImp.exe"=
    "c:\\Program Files\\PhotoJoy\\Bin\\PjApp.exe"=
    "c:\\Program Files\\PhotoJoy\\Bin\\PhotoJoy.exe"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Toepassingen\\I-pod\\I-tunes\\iTunes.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2643:UDP"= 2643:UDP:Windows Media Format SDK (iexplore.exe)
    "2642:UDP"= 2642:UDP:Windows Media Format SDK (iexplore.exe)
    "2712:UDP"= 2712:UDP:Windows Media Format SDK (iexplore.exe)
    "2713:UDP"= 2713:UDP:Windows Media Format SDK (iexplore.exe)
    "2740:UDP"= 2740:UDP:Windows Media Format SDK (iexplore.exe)
    "2741:UDP"= 2741:UDP:Windows Media Format SDK (iexplore.exe)
    "2752:UDP"= 2752:UDP:Windows Media Format SDK (iexplore.exe)
    "2753:UDP"= 2753:UDP:Windows Media Format SDK (iexplore.exe)
    "2765:UDP"= 2765:UDP:Windows Media Format SDK (iexplore.exe)
    "2764:UDP"= 2764:UDP:Windows Media Format SDK (iexplore.exe)
    "2778:UDP"= 2778:UDP:Windows Media Format SDK (iexplore.exe)
    "2779:UDP"= 2779:UDP:Windows Media Format SDK (iexplore.exe)
    "2794:UDP"= 2794:UDP:Windows Media Format SDK (iexplore.exe)
    "2795:UDP"= 2795:UDP:Windows Media Format SDK (iexplore.exe)

    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [30-10-2006 11:48 17920]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26-5-2009 10:05 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26-5-2009 10:05 72944]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17-3-2009 18:19 55152]
    R2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [30-10-2006 16:38 64512]
    R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [30-10-2006 11:14 1105664]
    R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [30-10-2006 11:22 7040]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common\Database\bin\fbserver.exe [18-3-2007 15:47 1527900]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6-2-2009 19:08 533360]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys –> c:\windows\system32\DRIVERS\wg111v2.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26-5-2009 10:05 7408]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [23-6-2005 19:27 124608]

    — Andere Services/Drivers In Geheugen —

    *NewlyCreated* - NONJBITZ
    *Deregistered* - nonjbitz

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-AVG Anti-Spyware Guard


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.ziggo.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: ziggo.nl\thuishelp
    TCP: {6D5F5F4B-C6A1-4B9E-9DD8-7E8D580514C6} = 192.168.1.1,192.168.1.49
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} - hxxp://www.virtuocity.eu/download/v223/virtuocity.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-15 19:12
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ccEvtMgr]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
    "ImagePath"="-"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SYMTDI]
    "ImagePath"="-"
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(680)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(3984)
    c:\program files\IncrediMail\bin\B4ImApp.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\progra~1\COMMON~1\X10\Common\X10nets.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\system32\rundll32.exe
    c:\program files\IncrediMail\bin\IMApp.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-06-15 19:16 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-06-15 17:16

    Pre-Run: 180.309.655.552 bytes beschikbaar
    Post-Run: 180.161.273.856 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    468 — E O F — 2009-06-14 20:25
  • Are you planning to keep BearShare?

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

    File::
    c:\windows\tst.exe

    Save the Notepad file as CFScript.txt

    Now drag the file CFScript.txt onto the file ComboFix.exe, as shown below:

    http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

    ComboFix will start again.
    When ComboFix has finished (this may be after a reboot), a log file opens.
    Post the contents of the log file together with a new HijackThis log.
  • Yes, I want to keep BearShare, or do you have a better/safer alternative for me?

    Here are the log files from ComboFix and Hijack:

    ComboFix 09-06-16.05 - Yolanda en Huub 17-06-2009 21:53.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.458 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Yolanda en Huub\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Yolanda en Huub\Bureaublad\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-05-17 to 2009-06-17 ))))))))))))))))))))))))))))))
    .

    2009-06-15 14:30 . 2009-06-15 14:30 ——– d—–w- c:\windows\Mozilla
    2009-06-15 12:39 . 2009-06-15 12:39 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\Malwarebytes
    2009-06-15 12:39 . 2009-05-26 11:20 40160 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-15 12:39 . 2009-06-15 12:39 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-15 12:39 . 2009-06-15 12:39 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-15 12:39 . 2009-05-26 11:19 19096 —-a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-15 12:31 . 2009-06-15 12:31 ——– d—–w- c:\program files\Trend Micro
    2009-06-14 20:21 . 2009-06-14 20:21 24576 —-a-w- c:\windows\system32\VundoFixSVC.exe
    2009-06-14 18:21 . 2009-06-14 20:21 ——– d—–w- C:\VundoFix Backups
    2009-06-14 15:40 . 2009-06-14 15:40 ——– d-sh–w- c:\documents and settings\LocalService\IETldCache
    2009-06-14 15:02 . 2009-06-14 15:02 ——– d—–w- c:\program files\Windows Sidebar
    2009-06-13 19:32 . 2009-06-13 19:33 ——– d—–w- C:\7048bcc164b9504858
    2009-06-12 21:38 . 2009-06-13 21:10 117760 —-a-w- c:\documents and settings\Yolanda en Huub\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-12 21:36 . 2009-06-12 21:36 ——– d—–w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-12 21:36 . 2009-06-12 21:36 ——– d—–w- c:\program files\SUPERAntiSpyware
    2009-06-12 21:36 . 2009-06-12 21:36 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\SUPERAntiSpyware.com
    2009-06-12 21:36 . 2009-06-12 21:36 ——– d—–w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-11 19:56 . 2009-06-11 20:20 ——– d—–w- c:\documents and settings\All Users\Application Data\Norton
    2009-06-11 19:56 . 2009-06-11 19:56 ——– d—–w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-06-10 15:00 . 2009-04-30 21:18 12800 -c—-w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-10 15:00 . 2009-04-30 21:17 246272 -c—-w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-06 21:08 . 2009-06-06 21:19 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\Uniblue
    2009-06-06 21:08 . 2009-06-06 21:19 ——– d—–w- c:\documents and settings\All Users\Application Data\DriverScanner
    2009-06-06 20:32 . 2009-03-19 14:32 23400 —-a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-06-06 20:32 . 2008-04-17 10:12 107368 —-a-w- c:\windows\system32\GEARAspi.dll
    2009-06-06 20:32 . 2009-06-06 20:32 ——– d—–w- c:\program files\iPod
    2009-06-06 20:32 . 2009-06-06 20:32 ——– d—–w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-06 20:32 . 2009-06-06 20:32 ——– d—–w- c:\program files\Bonjour
    2009-06-06 20:31 . 2009-06-06 20:31 ——– d—–w- c:\program files\QuickTime
    2009-06-06 20:30 . 2009-06-06 20:30 ——– d—–w- c:\program files\Apple Software Update
    2009-06-06 20:28 . 2009-05-29 11:36 39424 —-a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-06-06 20:28 . 2009-05-29 11:36 2060288 —-a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-05 15:58 . 2009-06-05 15:58 10134 —-a-r- c:\documents and settings\Yolanda en Huub\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-06-05 15:58 . 2009-06-05 15:58 ——– d—–w- c:\program files\Microsoft WSE
    2009-06-05 15:57 . 2006-09-28 14:05 2414360 —-a-w- c:\windows\system32\d3dx9_31.dll
    2009-06-05 15:57 . 2009-06-05 15:57 ——– d—–w- c:\windows\Logs
    2009-06-05 15:39 . 2009-06-05 15:39 167174 —-a-w- c:\windows\tst.exe
    2009-06-05 15:36 . 2009-06-05 15:36 ——– d—–w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-06-05 15:30 . 2009-06-05 15:30 721904 —-a-w- c:\windows\system32\drivers\sptd.sys
    2009-06-05 15:30 . 2009-06-05 15:39 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\DAEMON Tools Lite
    2009-06-05 15:18 . 2009-06-05 15:18 ——– d—–w- c:\documents and settings\All Users\Application Data\B3A9
    2009-06-04 14:34 . 2009-06-04 14:34 ——– d—–w- c:\documents and settings\All Users\Application Data\2E3E
    2009-06-02 19:37 . 2009-06-02 19:37 ——– d—–w- c:\documents and settings\All Users\Application Data\F1F4
    2009-05-30 10:50 . 2009-05-30 10:50 75048 —-a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-05-24 11:00 . 2009-05-24 11:00 152576 —-a-w- c:\documents and settings\Yolanda en Huub\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-05-24 09:15 . 2009-05-24 09:15 ——– d—–w- c:\documents and settings\All Users\Application Data\DB6
    2009-05-23 12:30 . 2009-03-09 03:19 410984 —-a-w- c:\windows\system32\deploytk.dll
    2009-05-23 12:30 . 2009-05-23 12:30 152576 —-a-w- c:\documents and settings\Yolanda en Huub\Application Data\Sun\Java\jre1.6.0_11\lzma.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-17 19:51 . 2007-04-10 14:54 ——– d—–w- c:\program files\Symantec AntiVirus
    2009-06-14 15:18 . 2009-01-19 13:52 ——– d—–w- c:\program files\Common Files\Nero
    2009-06-14 15:04 . 2006-10-30 11:11 ——– d—–w- c:\program files\Nero
    2009-06-14 14:49 . 2009-01-19 13:52 ——– d—–w- c:\documents and settings\All Users\Application Data\Nero
    2009-06-13 19:33 . 2006-09-28 10:01 ——– d—–w- c:\program files\Windows Media Connect 2
    2009-06-13 19:03 . 2007-07-06 18:56 ——– d—–w- c:\program files\AVG Anti-Spyware 7.5(Ewido)
    2009-06-13 18:59 . 2006-10-30 09:48 ——– d–h–w- c:\program files\InstallShield Installation Information
    2009-06-10 15:37 . 2006-10-30 11:57 ——– d—–w- c:\program files\Microsoft Works
    2009-06-08 13:13 . 2007-03-16 16:44 ——– d—a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-06-08 12:58 . 2007-03-27 18:33 ——– d—–w- c:\program files\Gamenext
    2009-06-08 12:29 . 2006-12-11 14:11 ——– d—–w- c:\program files\Hitman Pro
    2009-06-06 20:37 . 2008-04-23 12:22 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\Apple Computer
    2009-06-06 20:32 . 2008-04-23 12:19 ——– d—–w- c:\program files\Common Files\Apple
    2009-06-06 20:31 . 2006-10-30 14:28 ——– d—–w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-06-06 20:26 . 2006-12-11 14:10 ——– d—–w- c:\program files\Toepassingen
    2009-06-06 18:16 . 2007-03-16 15:51 ——– d—–w- c:\program files\Spellen
    2009-06-02 20:00 . 2009-01-19 21:11 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\Azureus
    2009-05-24 11:01 . 2006-10-30 10:32 ——– d—–w- c:\program files\Java
    2009-05-23 13:24 . 2009-05-23 12:38 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\LimeWire
    2009-05-18 11:54 . 2009-05-18 11:54 ——– d—–w- c:\documents and settings\All Users\Application Data\37251
    2009-05-13 05:06 . 2006-04-10 12:00 915456 —-a-w- c:\windows\system32\wininet.dll
    2009-05-08 13:58 . 2009-05-08 13:58 ——– d—–w- c:\documents and settings\All Users\Application Data\37F
    2009-05-07 15:34 . 2006-04-10 12:00 347136 —-a-w- c:\windows\system32\localspl.dll
    2009-05-06 16:36 . 2009-05-06 16:36 ——– d—–w- c:\program files\SystemRequirementsLab
    2009-04-27 15:00 . 2009-04-27 15:00 ——– d—–w- c:\documents and settings\All Users\Application Data\1B37F
    2009-04-27 14:59 . 2009-04-27 14:59 ——– d—–w- c:\program files\BearShare Applications
    2009-04-27 14:58 . 2007-03-16 17:23 ——– d—–w- c:\program files\BearShare
    2009-04-23 18:59 . 2006-04-10 12:00 89264 —-a-w- c:\windows\system32\perfc013.dat
    2009-04-23 18:59 . 2006-04-10 12:00 505762 —-a-w- c:\windows\system32\perfh013.dat
    2009-04-19 19:51 . 2006-04-10 12:00 1847296 —-a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:55 . 2006-04-10 12:00 585216 —-a-w- c:\windows\system32\rpcrt4.dll
    2009-03-27 06:14 . 2006-10-30 09:56 453152 —-a-w- c:\windows\system32\NVUNINST.EXE
    2007-06-29 20:49 . 2007-06-29 20:49 774144 —-a-w- c:\program files\RngInterstitial.dll
    2006-10-30 11:23 . 2006-10-30 11:23 8 –sh–r- c:\windows\system32\6B8972DCC0.sys
    2006-10-30 11:23 . 2006-10-30 11:23 4704 –sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-06-15_17.13.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-06-17 18:48 . 2009-06-17 18:48 16384 c:\windows\Temp\Perflib_Perfdata_428.dat
    + 2007-04-10 14:56 . 2009-06-15 17:44 40960 c:\windows\Installer\{3248E093-5288-4CA9-B3AB-11A675FEA1F9}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
    - 2007-04-10 14:56 . 2009-06-15 15:18 40960 c:\windows\Installer\{3248E093-5288-4CA9-B3AB-11A675FEA1F9}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
    + 2007-04-10 14:56 . 2009-06-15 17:44 25214 c:\windows\Installer\{3248E093-5288-4CA9-B3AB-11A675FEA1F9}\ARPPRODUCTICON.exe
    - 2007-04-10 14:56 . 2009-06-15 15:18 25214 c:\windows\Installer\{3248E093-5288-4CA9-B3AB-11A675FEA1F9}\ARPPRODUCTICON.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-01-27 251264]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\Toepassingen\I-pod\I-tunes\iTunesHelper.exe" [2009-05-30 292136]
    "hcenter"="c:\program files\@home\bin\tgcmd.exe" [2005-02-05 1757184]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-10-09 16236032]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 10:05 356352 —-a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\NetMeeting\\Conf.exe"=
    "c:\\Program Files\\Toepassingen\\Incredimail\\IncrediMail\\incredimail_install 190307.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\@Home\\Tools\\netdiag.exe"=
    "c:\\Program Files\\@home\\bin\\tgcmd.exe"=
    "c:\\Program Files\\Toepassingen\\Incredimail\\magentic_install.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\CompuServe 6.0\\cs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\PhotoJoy\\Bin\\PjImp.exe"=
    "c:\\Program Files\\PhotoJoy\\Bin\\PjApp.exe"=
    "c:\\Program Files\\PhotoJoy\\Bin\\PhotoJoy.exe"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Toepassingen\\I-pod\\I-tunes\\iTunes.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2643:UDP"= 2643:UDP:Windows Media Format SDK (iexplore.exe)
    "2642:UDP"= 2642:UDP:Windows Media Format SDK (iexplore.exe)
    "2712:UDP"= 2712:UDP:Windows Media Format SDK (iexplore.exe)
    "2713:UDP"= 2713:UDP:Windows Media Format SDK (iexplore.exe)
    "2740:UDP"= 2740:UDP:Windows Media Format SDK (iexplore.exe)
    "2741:UDP"= 2741:UDP:Windows Media Format SDK (iexplore.exe)
    "2752:UDP"= 2752:UDP:Windows Media Format SDK (iexplore.exe)
    "2753:UDP"= 2753:UDP:Windows Media Format SDK (iexplore.exe)
    "2765:UDP"= 2765:UDP:Windows Media Format SDK (iexplore.exe)
    "2764:UDP"= 2764:UDP:Windows Media Format SDK (iexplore.exe)
    "2778:UDP"= 2778:UDP:Windows Media Format SDK (iexplore.exe)
    "2779:UDP"= 2779:UDP:Windows Media Format SDK (iexplore.exe)
    "2794:UDP"= 2794:UDP:Windows Media Format SDK (iexplore.exe)
    "2795:UDP"= 2795:UDP:Windows Media Format SDK (iexplore.exe)

    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [30-10-2006 11:48 17920]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26-5-2009 10:05 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26-5-2009 10:05 72944]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17-3-2009 18:19 55152]
    R2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [30-10-2006 16:38 64512]
    R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [30-10-2006 11:14 1105664]
    R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [30-10-2006 11:22 7040]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common\Database\bin\fbserver.exe [18-3-2007 15:47 1527900]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6-2-2009 19:08 533360]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys –> c:\windows\system32\DRIVERS\wg111v2.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26-5-2009 10:05 7408]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [23-6-2005 19:27 124608]

    — Andere Services/Drivers In Geheugen —

    *Deregistered* - EraserUtilDrv10910

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.ziggo.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: ziggo.nl\thuishelp
    TCP: {6D5F5F4B-C6A1-4B9E-9DD8-7E8D580514C6} = 192.168.1.1,192.168.1.49
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} - hxxp://www.virtuocity.eu/download/v223/virtuocity.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-17 21:59
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(672)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(2304)
    c:\program files\IncrediMail\bin\B4ImApp.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2009-06-17 22:01
    ComboFix-quarantined-files.txt 2009-06-17 20:01
    ComboFix2.txt 2009-06-15 17:16

    Pre-Run: 180.097.654.784 bytes beschikbaar
    Post-Run: 180.073.218.048 bytes beschikbaar

    242 — E O F — 2009-06-14 20:25



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:06:38, on 17-6-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\PackethSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toepassingen\I-pod\I-tunes\iTunesHelper.exe
    C:\Program Files\@home\bin\tgcmd.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Symantec AntiVirus\vptray.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ziggo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Toepassingen\I-pod\I-tunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hcenter] "C:\Program Files\@home\bin\tgcmd.exe" /server /startmonitor
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183487790968
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} (Cebra Virtuocity Client) - http://www.virtuocity.eu/download/v223/virtuocity.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D5F5F4B-C6A1-4B9E-9DD8-7E8D580514C6}: NameServer = 192.168.1.1,192.168.1.49
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common\Database\bin\fbserver.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 12309 bytes
  • Download GV Killer.exe.
    Put it in its own folder, for example C:\Program Files\GV Killer, and then create a shortcut from C:\Program Files\GV Killer\GV Killer.exe to your desktop.
    Start GV Killer and use Copy and Paste to put the names of the files and folders below into the file C:\Program Files\GV Killer\input.txt.

    c:\windows\tst.exe

    Close the file C:\Program Files\GV Killer\input.txt and press the Start Killing button to start the program.
    Post the contents of the file C:\GV Killer.txt in your next message, together with a new ComboFix log.
  • The log files follow below:

    Logfile gv_killer_01.txt v7.0.9 - Copyright © GV_Soft Guido Vaesen
    Rapport datum: 20-6-2009 13:27:17 log van Yolanda en Huub , Beheerder van deze computer
    Platform: Windows XP Prof SP3 NLD Normale modus

    BEGIN Geplande taken—————————————————————–
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    EINDE Geplande taken—————————————————————–


    Lijst Notify keys——————————————————————–
    HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
    !SASWinLogon C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    dimsntfy %SystemRoot%\System32\dimsntfy.dll
    NavLogon C:\WINDOWS\system32\NavLogon.dll
    WgaLogon WgaLogon.dll
    Settings
    Einde Notify keys——————————————————————–

    Verklaring Errorcodes—————————————————————-
    code 00 : Bestand is verwijderd.
    code 53 : Bestand of map werd niet gevonden op uw PC.
    code 70 : Bestand was in gebruik.
    code 75 : Services zijn nog geladen of bestand in gebruik.
    code M0 : Map is verwijderd.
    code ML : Map is volledig leeg gemaakt.
    code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
    code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
    code K0 : Register key is verwijderd.
    Einde Errorcodes——————————————————————–

    BEGIN Inhoud van Input.txt———————————————————–
    c:\windows\tst.exe
    EINDE Inhoud van Input.txt———————————————————–

    00 c:\windows\tst.exe
    EINDE Inhoud van Input.txt———————————————————–


    ;1776396-OEM-0011903-00846=3QF0SSHP27

    ;EINDE GV_Killer ———————————————————————


    ComboFix 09-06-19.01 - Yolanda en Huub 20-06-2009 13:31.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.514 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Yolanda en Huub\Bureaublad\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-05-20 to 2009-06-20 ))))))))))))))))))))))))))))))
    .

    2009-06-20 11:26 . 2009-06-20 11:26 ——– d—–w- c:\program files\GV_Killer
    2009-06-20 11:25 . 2009-06-20 11:25 ——– d—–w- c:\program files\GV Killer
    2009-06-19 16:22 . 2009-06-19 16:22 0 —-a-w- c:\documents and settings\Yolanda en Huub\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
    2009-06-19 16:10 . 2009-06-19 16:42 ——– d—–w- C:\Incomplete
    2009-06-19 16:08 . 2009-06-19 16:42 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\FrostWire
    2009-06-19 16:08 . 2009-06-19 16:08 ——– d—–w- c:\program files\FrostWire
    2009-06-19 13:30 . 2009-06-19 13:30 ——– d—–w- c:\documents and settings\All Users\Application Data\1E32C
    2009-06-15 14:30 . 2009-06-15 14:30 ——– d—–w- c:\windows\Mozilla
    2009-06-15 12:39 . 2009-06-15 12:39 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\Malwarebytes
    2009-06-15 12:39 . 2009-05-26 11:20 40160 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-15 12:39 . 2009-06-15 12:39 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-15 12:39 . 2009-06-15 12:39 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-15 12:39 . 2009-05-26 11:19 19096 —-a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-15 12:31 . 2009-06-15 12:31 ——– d—–w- c:\program files\Trend Micro
    2009-06-14 20:21 . 2009-06-14 20:21 24576 —-a-w- c:\windows\system32\VundoFixSVC.exe
    2009-06-14 18:21 . 2009-06-17 20:24 ——– d—–w- C:\VundoFix Backups
    2009-06-14 15:40 . 2009-06-14 15:40 ——– d-sh–w- c:\documents and settings\LocalService\IETldCache
    2009-06-14 15:02 . 2009-06-14 15:02 ——– d—–w- c:\program files\Windows Sidebar
    2009-06-13 19:32 . 2009-06-13 19:33 ——– d—–w- C:\7048bcc164b9504858
    2009-06-12 21:38 . 2009-06-13 21:10 117760 —-a-w- c:\documents and settings\Yolanda en Huub\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-12 21:36 . 2009-06-12 21:36 ——– d—–w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-12 21:36 . 2009-06-12 21:36 ——– d—–w- c:\program files\SUPERAntiSpyware
    2009-06-12 21:36 . 2009-06-12 21:36 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\SUPERAntiSpyware.com
    2009-06-12 21:36 . 2009-06-12 21:36 ——– d—–w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-11 19:56 . 2009-06-11 20:20 ——– d—–w- c:\documents and settings\All Users\Application Data\Norton
    2009-06-11 19:56 . 2009-06-11 19:56 ——– d—–w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-06-10 15:00 . 2009-04-30 21:18 12800 -c—-w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-10 15:00 . 2009-04-30 21:17 246272 -c—-w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-06 21:08 . 2009-06-06 21:19 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\Uniblue
    2009-06-06 21:08 . 2009-06-06 21:19 ——– d—–w- c:\documents and settings\All Users\Application Data\DriverScanner
    2009-06-06 20:32 . 2009-03-19 14:32 23400 —-a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-06-06 20:32 . 2008-04-17 10:12 107368 —-a-w- c:\windows\system32\GEARAspi.dll
    2009-06-06 20:32 . 2009-06-06 20:32 ——– d—–w- c:\program files\iPod
    2009-06-06 20:32 . 2009-06-06 20:32 ——– d—–w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-06 20:32 . 2009-06-18 19:04 ——– d—–w- c:\program files\Bonjour
    2009-06-06 20:31 . 2009-06-06 20:31 ——– d—–w- c:\program files\QuickTime
    2009-06-06 20:30 . 2009-06-06 20:30 ——– d—–w- c:\program files\Apple Software Update
    2009-06-06 20:28 . 2009-05-29 11:36 39424 —-a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-06-06 20:28 . 2009-05-29 11:36 2060288 —-a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-05 15:58 . 2009-06-05 15:58 10134 —-a-r- c:\documents and settings\Yolanda en Huub\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-06-05 15:58 . 2009-06-05 15:58 ——– d—–w- c:\program files\Microsoft WSE
    2009-06-05 15:57 . 2006-09-28 14:05 2414360 —-a-w- c:\windows\system32\d3dx9_31.dll
    2009-06-05 15:57 . 2009-06-05 15:57 ——– d—–w- c:\windows\Logs
    2009-06-05 15:36 . 2009-06-05 15:36 ——– d—–w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-06-05 15:30 . 2009-06-05 15:30 721904 —-a-w- c:\windows\system32\drivers\sptd.sys
    2009-06-05 15:30 . 2009-06-05 15:39 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\DAEMON Tools Lite
    2009-06-05 15:18 . 2009-06-05 15:18 ——– d—–w- c:\documents and settings\All Users\Application Data\B3A9
    2009-06-04 14:34 . 2009-06-04 14:34 ——– d—–w- c:\documents and settings\All Users\Application Data\2E3E
    2009-06-02 19:37 . 2009-06-02 19:37 ——– d—–w- c:\documents and settings\All Users\Application Data\F1F4
    2009-05-30 10:50 . 2009-05-30 10:50 75048 —-a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-05-24 11:00 . 2009-05-24 11:00 152576 —-a-w- c:\documents and settings\Yolanda en Huub\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-05-24 09:15 . 2009-05-24 09:15 ——– d—–w- c:\documents and settings\All Users\Application Data\DB6
    2009-05-23 12:30 . 2009-03-09 03:19 410984 —-a-w- c:\windows\system32\deploytk.dll
    2009-05-23 12:30 . 2009-05-23 12:30 152576 —-a-w- c:\documents and settings\Yolanda en Huub\Application Data\Sun\Java\jre1.6.0_11\lzma.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-20 11:29 . 2007-04-10 14:54 ——– d—–w- c:\program files\Symantec AntiVirus
    2009-06-18 19:16 . 2007-03-16 15:51 ——– d—–w- c:\program files\Spellen
    2009-06-14 15:18 . 2009-01-19 13:52 ——– d—–w- c:\program files\Common Files\Nero
    2009-06-14 15:04 . 2006-10-30 11:11 ——– d—–w- c:\program files\Nero
    2009-06-14 14:49 . 2009-01-19 13:52 ——– d—–w- c:\documents and settings\All Users\Application Data\Nero
    2009-06-13 19:33 . 2006-09-28 10:01 ——– d—–w- c:\program files\Windows Media Connect 2
    2009-06-13 19:03 . 2007-07-06 18:56 ——– d—–w- c:\program files\AVG Anti-Spyware 7.5(Ewido)
    2009-06-13 18:59 . 2006-10-30 09:48 ——– d–h–w- c:\program files\InstallShield Installation Information
    2009-06-10 15:37 . 2006-10-30 11:57 ——– d—–w- c:\program files\Microsoft Works
    2009-06-08 13:13 . 2007-03-16 16:44 ——– d—a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-06-08 12:58 . 2007-03-27 18:33 ——– d—–w- c:\program files\Gamenext
    2009-06-08 12:29 . 2006-12-11 14:11 ——– d—–w- c:\program files\Hitman Pro
    2009-06-06 20:37 . 2008-04-23 12:22 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\Apple Computer
    2009-06-06 20:32 . 2008-04-23 12:19 ——– d—–w- c:\program files\Common Files\Apple
    2009-06-06 20:31 . 2006-10-30 14:28 ——– d—–w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-06-06 20:26 . 2006-12-11 14:10 ——– d—–w- c:\program files\Toepassingen
    2009-06-02 20:00 . 2009-01-19 21:11 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\Azureus
    2009-05-24 11:01 . 2006-10-30 10:32 ——– d—–w- c:\program files\Java
    2009-05-23 13:24 . 2009-05-23 12:38 ——– d—–w- c:\documents and settings\Yolanda en Huub\Application Data\LimeWire
    2009-05-18 11:54 . 2009-05-18 11:54 ——– d—–w- c:\documents and settings\All Users\Application Data\37251
    2009-05-13 05:06 . 2006-04-10 12:00 915456 —-a-w- c:\windows\system32\wininet.dll
    2009-05-08 13:58 . 2009-05-08 13:58 ——– d—–w- c:\documents and settings\All Users\Application Data\37F
    2009-05-07 15:34 . 2006-04-10 12:00 347136 —-a-w- c:\windows\system32\localspl.dll
    2009-05-06 16:36 . 2009-05-06 16:36 ——– d—–w- c:\program files\SystemRequirementsLab
    2009-04-27 15:00 . 2009-04-27 15:00 ——– d—–w- c:\documents and settings\All Users\Application Data\1B37F
    2009-04-27 14:59 . 2009-04-27 14:59 ——– d—–w- c:\program files\BearShare Applications
    2009-04-27 14:58 . 2007-03-16 17:23 ——– d—–w- c:\program files\BearShare
    2009-04-23 18:59 . 2006-04-10 12:00 89264 —-a-w- c:\windows\system32\perfc013.dat
    2009-04-23 18:59 . 2006-04-10 12:00 505762 —-a-w- c:\windows\system32\perfh013.dat
    2009-04-19 19:51 . 2006-04-10 12:00 1847296 —-a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:55 . 2006-04-10 12:00 585216 —-a-w- c:\windows\system32\rpcrt4.dll
    2009-03-27 06:14 . 2006-10-30 09:56 453152 —-a-w- c:\windows\system32\NVUNINST.EXE
    2007-06-29 20:49 . 2007-06-29 20:49 774144 —-a-w- c:\program files\RngInterstitial.dll
    2006-10-30 11:23 . 2006-10-30 11:23 8 –sh–r- c:\windows\system32\6B8972DCC0.sys
    2006-10-30 11:23 . 2006-10-30 11:23 4704 –sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-06-15_17.13.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-06-20 11:17 . 2009-06-20 11:17 16384 c:\windows\Temp\Perflib_Perfdata_dc.dat
    + 2007-04-10 14:56 . 2009-06-15 17:44 40960 c:\windows\Installer\{3248E093-5288-4CA9-B3AB-11A675FEA1F9}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
    - 2007-04-10 14:56 . 2009-06-15 15:18 40960 c:\windows\Installer\{3248E093-5288-4CA9-B3AB-11A675FEA1F9}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
    + 2007-04-10 14:56 . 2009-06-15 17:44 25214 c:\windows\Installer\{3248E093-5288-4CA9-B3AB-11A675FEA1F9}\ARPPRODUCTICON.exe
    - 2007-04-10 14:56 . 2009-06-15 15:18 25214 c:\windows\Installer\{3248E093-5288-4CA9-B3AB-11A675FEA1F9}\ARPPRODUCTICON.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-01-27 251264]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\Toepassingen\I-pod\I-tunes\iTunesHelper.exe" [2009-05-30 292136]
    "hcenter"="c:\program files\@home\bin\tgcmd.exe" [2005-02-05 1757184]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-10-09 16236032]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\NetMeeting\\Conf.exe"=
    "c:\\Program Files\\Toepassingen\\Incredimail\\IncrediMail\\incredimail_install 190307.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\@Home\\Tools\\netdiag.exe"=
    "c:\\Program Files\\@home\\bin\\tgcmd.exe"=
    "c:\\Program Files\\Toepassingen\\Incredimail\\magentic_install.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\CompuServe 6.0\\cs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\PhotoJoy\\Bin\\PjImp.exe"=
    "c:\\Program Files\\PhotoJoy\\Bin\\PjApp.exe"=
    "c:\\Program Files\\PhotoJoy\\Bin\\PhotoJoy.exe"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Toepassingen\\I-pod\\I-tunes\\iTunes.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2643:UDP"= 2643:UDP:Windows Media Format SDK (iexplore.exe)
    "2642:UDP"= 2642:UDP:Windows Media Format SDK (iexplore.exe)
    "2712:UDP"= 2712:UDP:Windows Media Format SDK (iexplore.exe)
    "2713:UDP"= 2713:UDP:Windows Media Format SDK (iexplore.exe)
    "2740:UDP"= 2740:UDP:Windows Media Format SDK (iexplore.exe)
    "2741:UDP"= 2741:UDP:Windows Media Format SDK (iexplore.exe)
    "2752:UDP"= 2752:UDP:Windows Media Format SDK (iexplore.exe)
    "2753:UDP"= 2753:UDP:Windows Media Format SDK (iexplore.exe)
    "2765:UDP"= 2765:UDP:Windows Media Format SDK (iexplore.exe)
    "2764:UDP"= 2764:UDP:Windows Media Format SDK (iexplore.exe)
    "2778:UDP"= 2778:UDP:Windows Media Format SDK (iexplore.exe)
    "2779:UDP"= 2779:UDP:Windows Media Format SDK (iexplore.exe)
    "2794:UDP"= 2794:UDP:Windows Media Format SDK (iexplore.exe)
    "2795:UDP"= 2795:UDP:Windows Media Format SDK (iexplore.exe)

    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [30-10-2006 11:48 17920]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26-5-2009 10:05 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26-5-2009 10:05 72944]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17-3-2009 18:19 55152]
    R2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [30-10-2006 16:38 64512]
    R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [30-10-2006 11:14 1105664]
    R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [30-10-2006 11:22 7040]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common\Database\bin\fbserver.exe [18-3-2007 15:47 1527900]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6-2-2009 19:08 533360]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26-5-2009 10:05 7408]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [23-6-2005 19:27 124608]

    --- Andere Services/Drivers In Geheugen ---

    *Deregistered* - EraserUtilDrv10910
    *Deregistered* - EraserUtilRebootDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.ziggo.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: ziggo.nl\thuishelp
    TCP: {6D5F5F4B-C6A1-4B9E-9DD8-7E8D580514C6} = 192.168.1.1,192.168.1.49
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} - hxxp://www.virtuocity.eu/download/v223/virtuocity.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-20 13:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(896)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(1732)
    c:\program files\IncrediMail\bin\B4ImApp.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2009-06-20 13:40
    ComboFix-quarantined-files.txt 2009-06-20 11:40
    ComboFix2.txt 2009-06-17 20:01
    ComboFix3.txt 2009-06-15 17:16

    Pre-Run: 179.870.416.896 bytes beschikbaar
    Post-Run: 179.854.114.816 bytes beschikbaar

    249 --- E O F --- 2009-06-14 20:25


    I'll wait for the next instruction.
  • Are there any problems left?
  • Hello,

    I waited a while before replying because I wanted to be sure that no more problems came up. At the moment I can create a restore point again, and my burning program works again too. Apart from that I have not run into any more problems!!!
    I do still have one question: my antivirus still lists two infected files. Can I delete these now, or should I leave them in quarantine? It concerns two files, tlknuycf.dll (Trojan.Vundo).

    I am sending along one last HijackThis log file so that you can check things once more. Thank you very much for your help!!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:29:25, on 25-6-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\PackethSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Toepassingen\I-pod\I-tunes\iTunesHelper.exe
    C:\Program Files\@home\bin\tgcmd.exe
    C:\PROGRA~1\SYMANT~1\vptray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Toepassingen\I-pod\I-tunes\iTunes.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ziggo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Toepassingen\I-pod\I-tunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hcenter] "C:\Program Files\@home\bin\tgcmd.exe" /server /startmonitor
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183487790968
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} - http://www.virtuocity.eu/download/v223/virtuocity.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D5F5F4B-C6A1-4B9E-9DD8-7E8D580514C6}: NameServer = 192.168.1.1,192.168.1.49
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common\Database\bin\fbserver.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 12129 bytes
  • Your log is clean, so you can go ahead and delete the files from your AV.

This is an archived page. Replying is no longer possible.