Checking a HiJackThis log

43 replies
  • Hello,

    Would you please check my log for me? This was recommended to me a short while ago because my internet was very slow. Now my computer also sometimes just freezes; I can still move the mouse, but I can't open or do anything else.

    Thanks in advance!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:04:43, on 2-5-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\WINDOWS\system32\Launcher.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\system32\Launcher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SIMBAR={3E0FA918-7B3F-437B-9FB6-4DE2FFA50B3E}; BTRS26718; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.speeleiland.nl/mc-serve.htm"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtueel toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: URL Adviseur - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eigenaar\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
    O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://data.flatcast.com/NpFp415.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.101.154.174/activex/AMC.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


    End of file - 10892 bytes


    MBAM-log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6493

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2-5-2011 22:16:24
    mbam-log-2011-05-02 (22-16-24).txt

    Scantype: Snelle scan
    Objecten gescand: 171507
    Verstreken tijd: 14 minuut/minuten, 15 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)
  • Is your Kaspersky software still being updated?

    Do the following:

    Which program: Kaspersky TDSSKiller
    What for/why: Rootkit scanner
    Difficulty: none
    Download location: Be sure to download this program to the desktop!
    Download TDSSKiller here.

    Installation:
    - Extract the file to your desktop.

    Using TDSSKiller:
    - Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and then choosing Run as administrator.
    - After the scan has finished, you will find the log on the C:\ partition.
    - Post the contents of that log.


    And also do the following:

    Download LopSD or LOPSD to your desktop.
    - Deactivate your antispyware and virus scanner while using this tool.
    - Vista and Windows 7 users: right-click LopSD and choose "Run as administrator"!
    - Choose Option N and press Enter
    - Click OK in the information window
    - Choose Option 2 and press Enter
    - At the end a log (LopR.txt) appears; put its contents in your next reply
  • Hello,

    Kaspersky is updated automatically; sometimes that doesn't happen and then I do it myself. Below are my logs, from what you told me to do.
    I hope you can do something with this.
    Thanks in advance.

    TDSS

    2011/05/03 09:51:22.0156 2348 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
    2011/05/03 09:51:22.0375 2348 ================================================================================
    2011/05/03 09:51:22.0375 2348 SystemInfo:
    2011/05/03 09:51:22.0375 2348
    2011/05/03 09:51:22.0375 2348 OS Version: 5.1.2600 ServicePack: 3.0
    2011/05/03 09:51:22.0375 2348 Product type: Workstation
    2011/05/03 09:51:22.0375 2348 ComputerName: THUISPC
    2011/05/03 09:51:22.0375 2348 UserName: Eigenaar
    2011/05/03 09:51:22.0375 2348 Windows directory: C:\WINDOWS
    2011/05/03 09:51:22.0375 2348 System windows directory: C:\WINDOWS
    2011/05/03 09:51:22.0375 2348 Processor architecture: Intel x86
    2011/05/03 09:51:22.0375 2348 Number of processors: 2
    2011/05/03 09:51:22.0375 2348 Page size: 0x1000
    2011/05/03 09:51:22.0375 2348 Boot type: Normal boot
    2011/05/03 09:51:22.0375 2348 ================================================================================
    2011/05/03 09:51:22.0796 2348 Initialize success
    2011/05/03 09:51:46.0984 3048 ================================================================================
    2011/05/03 09:51:46.0984 3048 Scan started
    2011/05/03 09:51:46.0984 3048 Mode: Manual;
    2011/05/03 09:51:46.0984 3048 ================================================================================
    2011/05/03 09:51:58.0125 3048 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/05/03 09:51:58.0171 3048 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/05/03 09:51:58.0218 3048 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/05/03 09:51:58.0281 3048 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/05/03 09:51:58.0359 3048 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
    2011/05/03 09:51:58.0406 3048 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/05/03 09:51:58.0562 3048 ================================================================================
    2011/05/03 09:51:58.0562 3048 Scan finished
    2011/05/03 09:51:58.0562 3048 ================================================================================
    2011/05/03 09:52:35.0875 2504 Deinitialize success

    lopR


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
    BIOS : BIOS Date: 12/01/05 10:35:14 Ver: 08.00.10
    USER : Eigenaar ( Administrator )
    BOOT : Normal boot
    Antivirus : Kaspersky Internet Security 9.0.0.736 (Activated)
    Firewall : Kaspersky Internet Security 9.0.0.736 (Activated)
    C:\ (Local Disk) - NTFS - Total:298 Go (Free:235 Go)
    D:\ (CD or DVD)
    E:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( di 03-05-2011| 9:55 )


    HERSTEL

    Verwijderd ! - C:\DOCUME~1\Eigenaar\Cookies\eigenaar@www.networkadvertising[1].txt
    -
    [ Hosts bestand ] .. Hersteld !




    --------------------\\ Beschrijving van mappen in APPLIC~1

    [12-07-2006|19:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes beschikbaar

    [07-09-2007|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acoustica
    [02-02-2010|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [13-07-2006|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [21-10-2010|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
    [18-09-2008|08:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Barbie Modeshow
    [01-04-2009|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    [01-04-2009|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CBL-Electronics
    [13-06-2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [05-06-2007|18:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [03-05-2011|07:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    [21-01-2011|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
    [26-06-2010|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [26-02-2011|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    [23-01-2010|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [04-06-2010|19:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [13-04-2011|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [17-03-2009|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\No23 Recorder
    [10-01-2010|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
    [16-07-2006|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [20-08-2006|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [13-06-2008|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [28-02-2011|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [25-12-2010|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sun
    [06-06-2007|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [13-07-2006|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [04-02-2007|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [16-04-2008|20:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [22-07-2007|13:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAHOO
    [0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
    [30|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar

    [12-07-2006|19:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar

    [07-09-2007|14:49] C:\DOCUME~1\Eigenaar\APPLIC~1\Acoustica
    [30-03-2011|14:42] C:\DOCUME~1\Eigenaar\APPLIC~1\Adobe
    [26-02-2007|13:37] C:\DOCUME~1\Eigenaar\APPLIC~1\Ahead
    [21-10-2010|20:05] C:\DOCUME~1\Eigenaar\APPLIC~1\Babylon
    [01-04-2009|15:54] C:\DOCUME~1\Eigenaar\APPLIC~1\CBL-Electronics
    [19-06-2008|17:23] C:\DOCUME~1\Eigenaar\APPLIC~1\DisplayTune
    [09-05-2009|23:21] C:\DOCUME~1\Eigenaar\APPLIC~1\Download Manager
    [28-03-2011|16:41] C:\DOCUME~1\Eigenaar\APPLIC~1\DVDVideoSoftIEHelpers
    [14-12-2008|20:00] C:\DOCUME~1\Eigenaar\APPLIC~1\Foxit
    [04-03-2010|22:07] C:\DOCUME~1\Eigenaar\APPLIC~1\Foxit Software
    [14-01-2008|19:52] C:\DOCUME~1\Eigenaar\APPLIC~1\GetRightToGo
    [30-07-2008|09:35] C:\DOCUME~1\Eigenaar\APPLIC~1\Google
    [14-08-2006|19:18] C:\DOCUME~1\Eigenaar\APPLIC~1\Help
    [13-06-2008|13:31] C:\DOCUME~1\Eigenaar\APPLIC~1\HP
    [12-07-2006|19:08] C:\DOCUME~1\Eigenaar\APPLIC~1\Identities
    [21-06-2009|12:10] C:\DOCUME~1\Eigenaar\APPLIC~1\IObit
    [17-07-2006|13:38] C:\DOCUME~1\Eigenaar\APPLIC~1\Macromedia
    [26-06-2010|15:07] C:\DOCUME~1\Eigenaar\APPLIC~1\Malwarebytes
    [20-04-2010|19:42] C:\DOCUME~1\Eigenaar\APPLIC~1\Microsoft
    [13-07-2006|17:13] C:\DOCUME~1\Eigenaar\APPLIC~1\Microsoft Web Folders
    [27-01-2010|19:44] C:\DOCUME~1\Eigenaar\APPLIC~1\Mozilla
    [06-05-2007|17:50] C:\DOCUME~1\Eigenaar\APPLIC~1\MusicIP
    [13-07-2006|14:17] C:\DOCUME~1\Eigenaar\APPLIC~1\OpenOffice.org2
    [24-01-2009|12:59] C:\DOCUME~1\Eigenaar\APPLIC~1\Orban
    [23-08-2010|17:25] C:\DOCUME~1\Eigenaar\APPLIC~1\Panasonic
    [26-08-2008|14:30] C:\DOCUME~1\Eigenaar\APPLIC~1\Pioneer
    [09-04-2011|21:40] C:\DOCUME~1\Eigenaar\APPLIC~1\PriceGong
    [17-01-2007|15:03] C:\DOCUME~1\Eigenaar\APPLIC~1\Protexis
    [13-07-2006|10:39] C:\DOCUME~1\Eigenaar\APPLIC~1\Sun
    [12-06-2008|16:23] C:\DOCUME~1\Eigenaar\APPLIC~1\Sunbelt Software
    [06-06-2007|20:06] C:\DOCUME~1\Eigenaar\APPLIC~1\Symantec
    [20-08-2008|17:29] C:\DOCUME~1\Eigenaar\APPLIC~1\Syntrillium
    [24-06-2009|17:38] C:\DOCUME~1\Eigenaar\APPLIC~1\TeamViewer
    [15-04-2011|20:17] C:\DOCUME~1\Eigenaar\APPLIC~1\uTorrent
    [27-01-2010|19:47] C:\DOCUME~1\Eigenaar\APPLIC~1\Vivox
    [21-10-2010|19:54] C:\DOCUME~1\Eigenaar\APPLIC~1\vlc
    [04-05-2010|20:58] C:\DOCUME~1\Eigenaar\APPLIC~1\VoipBuster
    [23-01-2010|12:50] C:\DOCUME~1\Eigenaar\APPLIC~1\Windows Live Writer
    [0|bestand(en)] C:\DOCUME~1\Eigenaar\APPLIC~1\bytes
    [40|map(pen)] C:\DOCUME~1\Eigenaar\APPLIC~1\bytes beschikbaar

    [15-11-2008|13:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
    [04-03-2010|22:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Foxit Software
    [12-07-2006|19:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
    [5|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar

    [12-07-2006|19:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar

    [16-05-2007|09:33] C:\DOCUME~1\USERPO~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\USERPO~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\USERPO~1\APPLIC~1\bytes beschikbaar

    --------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks

    [03-05-2011 09:28][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [03-05-2011 07:46][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [03-05-2011 07:46][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [04-08-2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Beschrijving van mappen in C:\Program Files

    [30-03-2011|14:38] C:\Program Files\Adobe
    [12-12-2008|20:55] C:\Program Files\AGI
    [13-07-2006|10:09] C:\Program Files\Ahead
    [12-07-2006|19:47] C:\Program Files\Analog Devices
    [12-07-2006|19:49] C:\Program Files\ASUS
    [12-07-2006|19:55] C:\Program Files\ASUSTeK
    [19-02-2011|21:48] C:\Program Files\Axis Communications
    [24-06-2009|13:52] C:\Program Files\Backup Registry
    [06-03-2010|12:55] C:\Program Files\CCleaner
    [30-03-2011|14:40] C:\Program Files\Common Files
    [12-07-2006|19:02] C:\Program Files\ComPlus Applications
    [27-11-2007|16:39] C:\Program Files\DFX
    [28-08-2006|17:49] C:\Program Files\directx
    [10-10-2010|18:43] C:\Program Files\DVDVideoSoft
    [27-05-2007|15:06] C:\Program Files\Firebird
    [06-03-2010|12:56] C:\Program Files\Foxit Software
    [04-02-2011|19:42] C:\Program Files\Google
    [13-06-2008|11:31] C:\Program Files\Hewlett-Packard
    [13-06-2008|11:53] C:\Program Files\HP
    [04-02-2011|20:17] C:\Program Files\Image-Line
    [30-03-2011|14:38] C:\Program Files\InstallShield Installation Information
    [12-07-2006|19:26] C:\Program Files\Intel
    [13-04-2011|19:15] C:\Program Files\Internet Explorer
    [22-04-2008|20:50] C:\Program Files\Jasc Software Inc
    [26-02-2011|15:39] C:\Program Files\Java
    [02-05-2011|21:25] C:\Program Files\jv16 PowerTools 2010
    [21-01-2011|12:31] C:\Program Files\Kaspersky Lab
    [13-07-2006|14:10] C:\Program Files\Logitech
    [02-02-2010|18:03] C:\Program Files\Malmberg
    [26-01-2011|17:11] C:\Program Files\Malwarebytes' Anti-Malware
    [12-03-2009|19:58] C:\Program Files\Managed DirectX (0900)
    [14-08-2008|13:02] C:\Program Files\Messenger
    [13-11-2010|11:21] C:\Program Files\Messenger Plus! Live
    [12-11-2008|20:16] C:\Program Files\MessengerDiscovery
    [29-01-2011|18:42] C:\Program Files\MGI
    [10-11-2009|16:40] C:\Program Files\Microsoft
    [11-05-2007|06:53] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [13-07-2006|17:13] C:\Program Files\microsoft frontpage
    [24-06-2009|16:09] C:\Program Files\Microsoft Office
    [21-04-2011|21:31] C:\Program Files\Microsoft Silverlight
    [14-03-2009|13:54] C:\Program Files\Microsoft SQL Server Compact Edition
    [14-03-2009|13:55] C:\Program Files\Microsoft Sync Framework
    [03-10-2009|21:08] C:\Program Files\Microsoft Works
    [24-06-2009|16:09] C:\Program Files\Microsoft.NET
    [11-08-2010|19:01] C:\Program Files\Movie Maker
    [14-12-2008|20:00] C:\Program Files\Mozilla Firefox
    [19-11-2008|18:57] C:\Program Files\MP3Gain
    [06-08-2009|19:03] C:\Program Files\MSBuild
    [22-06-2009|18:05] C:\Program Files\MSECache
    [12-07-2006|19:01] C:\Program Files\MSN Gaming Zone
    [25-06-2008|07:02] C:\Program Files\MSXML 4.0
    [25-03-2009|14:34] C:\Program Files\NetMeeting
    [12-07-2006|19:04] C:\Program Files\Online Services
    [13-07-2006|17:45] C:\Program Files\OpenOffice.org 2.0
    [15-12-2010|20:00] C:\Program Files\Outlook Express
    [19-06-2008|17:21] C:\Program Files\Portrait Displays
    [16-05-2007|09:32] C:\Program Files\PostgreSQL
    [06-08-2009|19:03] C:\Program Files\Reference Assemblies
    [07-08-2010|17:47] C:\Program Files\SHOUTcast
    [02-02-2010|19:05] C:\Program Files\Spybot - Search & Destroy
    [17-10-2010|19:22] C:\Program Files\Streamer
    [17-02-2010|17:34] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    [02-05-2011|22:02] C:\Program Files\Trend Micro
    [12-07-2006|19:08] C:\Program Files\Uninstall Information
    [07-01-2011|15:14] C:\Program Files\uTorrent
    [10-03-2011|15:32] C:\Program Files\VirtualDJ
    [21-10-2010|19:50] C:\Program Files\Winamp
    [21-10-2010|19:50] C:\Program Files\Winamp Detect
    [22-06-2009|18:06] C:\Program Files\Windows Installer Clean Up
    [19-02-2011|21:47] C:\Program Files\Windows Live
    [28-02-2010|21:11] C:\Program Files\Windows Media Player
    [13-06-2008|11:04] C:\Program Files\Windows NT
    [12-07-2006|19:04] C:\Program Files\WindowsUpdate
    [14-04-2007|08:08] C:\Program Files\WinRAR
    [01-12-2010|21:07] C:\Program Files\Wolters-Noordhoff
    [12-07-2006|19:05] C:\Program Files\xerox
    [22-07-2007|13:45] C:\Program Files\Yahoo!
    [02-02-2010|18:03] C:\Program Files\Youtube Downloader HD
    [26-03-2011|18:19] C:\Program Files\Yuna Software
    [0|bestand(en)] C:\Program Files\bytes
    [81|map(pen)] C:\Program Files\bytes beschikbaar

    --------------------\\ Beschrijving van mappen in C:\Program Files\Common Files

    [17-01-2007|15:08] C:\Program Files\Common Files\Acronis
    [30-03-2011|14:39] C:\Program Files\Common Files\Adobe
    [13-07-2006|10:06] C:\Program Files\Common Files\Ahead
    [24-06-2009|16:09] C:\Program Files\Common Files\DESIGNER
    [28-03-2011|16:41] C:\Program Files\Common Files\DVDVideoSoft
    [13-06-2008|11:31] C:\Program Files\Common Files\Hewlett-Packard
    [13-06-2008|11:35] C:\Program Files\Common Files\HP
    [03-01-2011|19:44] C:\Program Files\Common Files\INCA Shared
    [05-06-2007|18:28] C:\Program Files\Common Files\InstallShield
    [26-02-2011|15:44] C:\Program Files\Common Files\Java
    [13-07-2006|14:11] C:\Program Files\Common Files\Logitech
    [13-04-2011|19:17] C:\Program Files\Common Files\Microsoft Shared
    [12-07-2006|19:03] C:\Program Files\Common Files\MSSoap
    [13-07-2006|10:08] C:\Program Files\Common Files\Nero
    [08-02-2008|19:01] C:\Program Files\Common Files\NSV
    [12-07-2006|20:16] C:\Program Files\Common Files\ODBC
    [19-06-2008|17:21] C:\Program Files\Common Files\Portrait Displays
    [12-07-2006|19:03] C:\Program Files\Common Files\Services
    [13-06-2008|11:36] C:\Program Files\Common Files\Sonic Shared
    [12-07-2006|20:16] C:\Program Files\Common Files\SpeechEngines
    [13-06-2008|11:04] C:\Program Files\Common Files\System
    [30-03-2011|14:40] C:\Program Files\Common Files\Vbox
    [17-09-2008|20:09] C:\Program Files\Common Files\Vivendi Universal Games
    [14-03-2009|11:05] C:\Program Files\Common Files\Windows Live
    [15-04-2008|18:11] C:\Program Files\Common Files\WindowsLiveInstaller
    [16-09-2009|18:00] C:\Program Files\Common Files\YDP
    [0|bestand(en)] C:\Program Files\Common Files\bytes
    [28|map(pen)] C:\Program Files\Common Files\bytes beschikbaar

    --------------------\\ Process

    ( 45 Processes )

    IEXPLORE.EXE ~ [PID:3652]
    IEXPLORE.EXE ~ [PID:2460]

    --------------------\\ Zoeken met S_Lop

    Geen Lop mappen gevonden !

    --------------------\\ Zoeken naar Lop Bestanden - Mappen

    Geen Lop mappen gevonden !

    --------------------\\ Zoeken doorheen het Register

    ..... OK !

    --------------------\\ Nazicht van het Hosts bestand

    Hosts bestand IN ORDE


    --------------------\\ Zoeken naar verborgen bestanden met Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-03 10:01:36
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Zoeken naar andere infecties


    Geen andere infecties gevonden !

    [F:406][D:27]-> C:\DOCUME~1\Eigenaar\LOCALS~1\Temp
    [F:194][D:0]-> C:\DOCUME~1\Eigenaar\Cookies
    [F:2850][D:14]-> C:\DOCUME~1\Eigenaar\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - di 03-05-2011|10:03 - Option : [2]

    --------------------\\ Scan voltooid om 10:03:23
  • Hi zwarte-adelaar, good that the TDSSKiller scan turned up nothing.

    The LopSD log is clear as well; the most important finding is that the hosts file has been repaired.

    You may now do the following:

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up where possible.
    Difficulty: Somewhat tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must be disabled before ComboFix is started!
    Here and here you will find details on how to disable antivirus programs and spyware scanners.

    To be absolutely clear once more: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix by right-clicking it and running it with administrator rights.
    - All open programs and web pages must be closed.
    Once ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • I think it went well with ComboFix.
    Here is my log, I hope you can do something with it.

    ComboFix 11-05-02.04 - Eigenaar 03-05-2011 15:06:02.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1503 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Eigenaar\Application Data\PriceGong
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Eigenaar\Favorieten\Videos.url
    c:\documents and settings\Eigenaar\Local Settings\Application Data\lame_enc.dll
    c:\documents and settings\Eigenaar\Local Settings\Application Data\no23xwrapper.dll
    c:\documents and settings\Eigenaar\Local Settings\Application Data\ogg.dll
    c:\documents and settings\Eigenaar\Local Settings\Application Data\TimerStop.sys
    c:\documents and settings\Eigenaar\Local Settings\Application Data\TimerStop64.sys
    c:\documents and settings\Eigenaar\Local Settings\Application Data\vorbis.dll
    c:\documents and settings\Eigenaar\Local Settings\Application Data\vorbisenc.dll
    c:\documents and settings\Eigenaar\Local Settings\Application Data\vorbisfile.dll
    c:\documents and settings\Eigenaar\WINDOWS
    c:\windows\system32\launcher.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-03 to 2011-05-03 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-03 07:54 . 2011-05-03 08:03 -------- d-----w- C:\Lop SD
    2011-05-02 20:03 . 2011-05-02 20:03 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-02 20:02 . 2011-05-02 20:02 -------- d-----w- c:\program files\Trend Micro
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2006-07-12 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:36 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53 . 2004-08-04 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:07 . 2007-05-10 14:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 23:07 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:07 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 11:43 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2004-08-04 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2004-08-04 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2004-08-04 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:54 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:54 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2004-08-04 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-04 17:49 . 2011-02-04 17:49 22 --sha-w- c:\documents and settings\Eigenaar\Application Data\Sys6925.Config Collection.sys
    2011-02-02 20:40 . 2010-12-25 09:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 18:19 . 2007-05-21 20:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-07-08 925696]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2011-01-21 340520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Photosmart Premier Snelstart.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Photosmart Premier Snelstart.lnk
    backup=c:\windows\pss\HP Photosmart Premier Snelstart.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
    path=c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
    backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BabylonToolbar
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
    2007-06-12 10:32 291328 ----a-w- c:\program files\Portrait Displays\forteManager\dthtml.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    2004-10-27 13:21 61952 ------w- c:\windows\system32\HdAShCut.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    2005-06-08 12:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    2005-06-08 13:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    2005-06-08 13:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2005-07-19 15:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-12-09 19:06 7311360 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2005-12-09 19:06 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2005-12-09 19:06 1519616 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "HP Status Server"=3 (0x3)
    "HP Port Resolver"=3 (0x3)
    "ose"=3 (0x3)
    "fsssvc"=3 (0x3)
    "DTSRVC"=2 (0x2)
    "Crypkey License"=2 (0x2)
    "npggsvc"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "gusvc"=3 (0x3)
    "gupdate"=2 (0x2)
    "SeaPort"=2 (0x2)
    "odserv"=3 (0x3)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "AVP"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14-10-2009 21:18 36880]
    R1 sdpiosys;sdpiosys;c:\windows\system32\drivers\SDPIOSYS.SYS [30-11-2004 12:10 161792]
    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14-9-2009 14:42 32272]
    S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\Eigenaar\LOCALS~1\Temp\cdrmkaun.sys --> c:\docume~1\Eigenaar\LOCALS~1\Temp\cdrmkaun.sys [?]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
    S4 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12-9-2010 20:17 136176]
    S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - KLMD25
    *Deregistered* - klmd25
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-12 18:17]
    .
    2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-12 18:17]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Free YouTube to MP3 Converter - c:\documents and settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Eigenaar\Menu Start\Programma's\IMVU\Run IMVU.lnk
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {A672558F-A878-4D5A-A921-627C091CEB60} - hxxp://data.flatcast.com/NpFp415.dll
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.101.154.174/activex/AMC.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    HKLM-Run-PrimaLauncher - c:\windows\system32\Launcher.exe
    MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-03 15:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Voltooingstijd: 2011-05-03 15:17:45
    ComboFix-quarantined-files.txt 2011-05-03 13:17
    .
    Pre-Run: 256.753.704.960 bytes beschikbaar
    Post-Run: 257.035.436.032 bytes beschikbaar
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 9278ED4D58E016278142EB3795AB2B7C
  • Hi zwarte-adelaar, there is a rootkit system in your Windows!

    Download GMER from one of the following locations and save it to your Desktop:
    - Primary download location
      This mirror will give a randomly named file (Recommended)
    - Zipped file
      This option will give a zip file that has to be unpacked first. If you use this one, unpack it to your desktop.

    - Disconnect your internet connection and close all open programs.
    - Temporarily disable your real-time security software.
    - Double-click the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to be loaded, if you are asked.
    - Note: If you downloaded the zipped version, unpack the file to a fixed folder, such as C:\gmer, and then double-click gmer.exe.
    - GMER will open the Rootkit/Malware tab and run an automatic quick scan the first time GMER is started. (do not use the computer during the scan)
    - If you receive a WARNING!!! about rootkit activity and you are asked to scan your system completely… click NO.
    - Now click the Scan button. If you get a rootkit warning window, click OK.
    - Click the Save… button when the scan has finished, and save the log file to your desktop. Save the file as gmer.log.
    - Click the Copy button and post the log in your next message.
    - Close GMER and turn all real-time protection back on.
    – If you have any problems, try running GMER in safe mode.
  • OK, that is fairly serious, I assume?
    I tried GMER 3 times in normal mode and once in safe mode; it went wrong both times. I will try it again tomorrow in safe mode, since that goes better than normal mode, and once I have done that, what else needs to be done to remove this as thoroughly as possible?
  • Had you deactivated all antivirus and antispyware programs? Because that is an absolute "must"!

    And: download GMER again and then restart into safe mode!

    If necessary, start Task Manager first afterwards to stop any remaining security processes via right-click!
  • Yes, I had it turned off. I will just try again later.
  • Let me know if it still does not work!
  • PM
  • It is not exactly the GMER log that I had expected.

    Do the following:

    Which program: MBRCheck.exe
    What for/why: special scan for MBR rootkits
    Difficulty: none.
    Download MBRCheck.exe

    Starting MBRCheck.exe:
    Windows 2000 and Windows XP: start MBRCheck.exe by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBRCheck.exe by right-clicking the shortcut and then choosing Run as administrator.

    - A black window appears with some data in it.
    - A log file named "MBRcheckxxxx.txt" will appear on your desktop.
    - Now copy the contents of that log into your next post.
  • Here is my log, I hope you can do something with it.


    Kernel Drivers (total 127):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x80701000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A7000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7596000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7607000 MountMgr.sys
    0xF74D7000 ftdisk.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF74BF000 atapi.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF749F000 fltmgr.sys
    0xF748D000 sr.sys
    0xF7647000 PxHelp20.sys
    0xF7476000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7449000 NDIS.sys
    0xF742F000 Mup.sys
    0xF7657000 klbg.sys
    0xF7576000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB9507000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB94F3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB94CB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB94B8000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xF7747000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9494000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF774F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB9480000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7566000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7757000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF775F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7556000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA7BC000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF79A5000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0xF7546000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7536000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7526000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB945D000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA7B4000 \SystemRoot\system32\drivers\atkkbnt.sys
    0xF7516000 \SystemRoot\system32\DRIVERS\klim5.sys
    0xF7AA7000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA770000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7923000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9446000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA760000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA750000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7767000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB9435000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA740000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF776F000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7777000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBA643000 \SystemRoot\System32\Drivers\PdiPorts.sys
    0xBA730000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79B9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB93D7000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA63F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA720000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB6DDF000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0xB6DBB000 \SystemRoot\system32\drivers\portcls.sys
    0xBA030000 \SystemRoot\system32\drivers\drmk.sys
    0xB6CFB000 \SystemRoot\system32\drivers\AEAudio.sys
    0xB6C9B000 \SystemRoot\system32\drivers\Senfilt.sys
    0xBA020000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79C5000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB6C22000 \SystemRoot\system32\DRIVERS\klif.sys
    0xF79C7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7A9C000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79C9000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB6BFA000 \SystemRoot\system32\drivers\sdpiosys.sys
    0xF778F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7797000 \SystemRoot\System32\drivers\vga.sys
    0xF79CB000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79CD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF779F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF77A7000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7947000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB66BA000 \??\C:\WINDOWS\system32\drivers\kl1.sys
    0xF77AF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB667F000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB6626000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB65FE000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB65D8000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB65B6000 \SystemRoot\System32\drivers\afd.sys
    0xBA010000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA000000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB658B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB93CB000 \SystemRoot\system32\ckldrv.sys
    0xB64F3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7586000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF79CF000 \SystemRoot\system32\drivers\AsIO.sys
    0xB9FD0000 \SystemRoot\system32\drivers\lvusbsta.sys
    0xB63B1000 \SystemRoot\system32\DRIVERS\LVCM.sys
    0xB6196000 \SystemRoot\system32\DRIVERS\lvsvf2.sys
    0xB9FC0000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xB9FB0000 \SystemRoot\system32\drivers\usbaudio.sys
    0xB93C3000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xF77B7000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xF77BF000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xF77C7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB9FA0000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xB93BF000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xF76E7000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB6C8F000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF77CF000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA52C000 \SystemRoot\System32\drivers\dxgthk.sys
    0xB6C8B000 \SystemRoot\System32\DRIVERS\pdiddcci.sys
    0xBF012000 \SystemRoot\System32\atkdisp.dll
    0xBF04D000 \SystemRoot\System32\nv4_disp.dll
    0xBF413000 \SystemRoot\System32\ATMFD.DLL
    0xB47C1000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
    0xB3FD9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB2CC4000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB3E11000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB2A6D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF79FF000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB2B9E000 \??\C:\WINDOWS\system32\drivers\EIO.sys
    0xB285D000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB2330000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 37):
    0 System Idle Process
    4 System
    928 C:\WINDOWS\system32\smss.exe
    976 csrss.exe
    1000 C:\WINDOWS\system32\winlogon.exe
    1044 C:\WINDOWS\system32\services.exe
    1056 C:\WINDOWS\system32\lsass.exe
    1228 C:\WINDOWS\system32\svchost.exe
    1316 svchost.exe
    1440 C:\WINDOWS\system32\svchost.exe
    1572 svchost.exe
    1688 svchost.exe
    1884 C:\WINDOWS\system32\spoolsv.exe
    328 C:\WINDOWS\explorer.exe
    620 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    628 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    636 C:\WINDOWS\system32\rundll32.exe
    644 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    660 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    668 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    688 C:\WINDOWS\system32\ctfmon.exe
    800 svchost.exe
    840 C:\WINDOWS\ATKKBService.exe
    852 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    888 svchost.exe
    920 C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    1060 C:\Program Files\Java\jre6\bin\jqs.exe
    1384 C:\WINDOWS\system32\nvsvc32.exe
    1396 C:\WINDOWS\system32\HPZipm12.exe
    1100 C:\WINDOWS\system32\svchost.exe
    204 wdfmgr.exe
    964 C:\WINDOWS\system32\wuauclt.exe
    2872 C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    3356 alg.exe
    4032 C:\WINDOWS\system32\svchost.exe
    1612 wmiprvse.exe
    2108 C:\Documents and Settings\Eigenaar\Bureaublad\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200AAKS-00L9A0, Rev: 01.03E01

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: F238F1FE114296B6DC7716517DC1DADB3FF3D5C6


    Done!
  • Do the following, because we are not really making progress yet in finding the suspicious processes!
    That is mainly due to the rather failed GMER log!

    Download DDS.scr (click) to your desktop.
    - Users of Windows Vista and Windows 7 start the tool by right-clicking it and then choosing Run as administrator!
    - First close all windows, then double-click dds.scr - wait until the scan is finished.
    - After the scan, two text documents are opened - post the contents of both logs!
    - Go to DDRMMR's colour coder
    - Copy and paste the contents of the DDS log file into the window and click the Converteer button
    - Copy and paste the contents of the colour coder into your following post.
  • Done, I hope you can do something with it now!

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Eigenaar at 21:04:23,35 on wo 04-05-2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1478 [GMT 2:00]
    .
    AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Norton Internet Worm Protection *Disabled*
    FW: Kaspersky Internet Security *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    svchost.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Eigenaar\Bureaublad\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
    BHO: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No File
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: {201636b8-5827-d6e1-00e7-b19e6a7af837} - mysidesearch browser optimizer
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Free YouTube to MP3 Converter - c:\documents and settings\eigenaar\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\eigenaar\menu start\programma's\imvu\Run IMVU.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
    IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    DPF: {A672558F-A878-4D5A-A921-627C091CEB60} - hxxp://data.flatcast.com/NpFp415.dll
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.101.154.174/activex/AMC.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Notify: klogon - c:\windows\system32\klogon.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-1-21 315408]
    R1 sdpiosys;sdpiosys;c:\windows\system32\drivers\SDPIOSYS.SYS [2004-11-30 161792]
    R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s --> c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s [?]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-14 55152]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s --> c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s [?]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-12 136176]
    S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\eigenaar\locals~1\temp\cdrmkaun.sys --> c:\docume~1\eigenaar\locals~1\temp\cdrmkaun.sys [?]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-12 136176]
    S4 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-03 13:04:34 -------- d-sha-r- C:\cmdcons
    2011-05-03 13:02:29 98816 ----a-w- c:\windows\sed.exe
    2011-05-03 13:02:29 89088 ----a-w- c:\windows\MBR.exe
    2011-05-03 13:02:29 256512 ----a-w- c:\windows\PEV.exe
    2011-05-03 13:02:29 161792 ----a-w- c:\windows\SWREG.exe
    2011-05-03 07:54:31 -------- d-----w- C:\Lop SD
    2011-05-02 20:03:00 388096 ----a-r- c:\docume~1\eigenaar\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-05-02 20:02:54 -------- d-----w- c:\program files\Trend Micro
    .
    ==================== Find3M ====================
    .
    2011-03-07 05:33:45 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:36:55 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53:36 1858048 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:07:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:07:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:07:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:43:15 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:54:07 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:54:04 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:54:04 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:59 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:59 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-04 17:49:46 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
    2011-02-04 17:49:46 22 --sha-w- c:\docume~1\eigenaar\applic~1\Sys6925.Config Collection.sys
    .
    ============= FINISH: 21:06:27,82 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12-7-2006 19:07:23
    System Uptime: 4-5-2011 20:43:14 (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5PL2
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3010/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 239,363 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1241: 3-2-2011 22:44:02 - Controlepunt van systeem
    RP1242: 4-2-2011 18:41:42 - Configured Battlefield 1942
    RP1243: 4-2-2011 18:42:01 - Configured Battlefield 1942
    RP1244: 4-2-2011 18:43:42 - Removed PunkBuster for Battlefield 1942
    RP1245: 5-2-2011 21:37:56 - Controlepunt van systeem
    RP1246: 6-2-2011 22:36:06 - Controlepunt van systeem
    RP1247: 8-2-2011 14:38:50 - Controlepunt van systeem
    RP1248: 9-2-2011 18:41:16 - Controlepunt van systeem
    RP1249: 9-2-2011 19:00:16 - Software Distribution Service 3.0
    RP1250: 10-2-2011 21:19:51 - Controlepunt van systeem
    RP1251: 12-2-2011 11:27:21 - Controlepunt van systeem
    RP1252: 13-2-2011 13:14:44 - Controlepunt van systeem
    RP1253: 14-2-2011 21:11:42 - Controlepunt van systeem
    RP1254: 15-2-2011 22:41:01 - Controlepunt van systeem
    RP1255: 16-2-2011 22:47:28 - Controlepunt van systeem
    RP1256: 18-2-2011 18:26:19 - Controlepunt van systeem
    RP1257: 19-2-2011 20:39:32 - Controlepunt van systeem
    RP1258: 19-2-2011 20:46:49 - Verwijderd: Smart Menu's (Windows Live Toolbar)
    RP1259: 19-2-2011 20:47:04 - Verwijderd: Professionals: Pool Paradise
    RP1260: 19-2-2011 20:47:18 - Removed SlideShow
    RP1261: 19-2-2011 20:47:35 - Verwijderd: Windows Live Toolbar
    RP1262: 19-2-2011 20:47:50 - Verwijderd: Windows Live Writer
    RP1263: 19-2-2011 20:48:33 - Verwijderd: Markeringviewer (Windows Live Toolbar)
    RP1264: 26-2-2011 14:38:57 - Installed Java(TM) 6 Update 24
    RP1265: 27-2-2011 16:03:20 - Controlepunt van systeem
    RP1266: 28-2-2011 16:20:03 - Controlepunt van systeem
    RP1267: 1-3-2011 18:24:06 - Controlepunt van systeem
    RP1268: 2-3-2011 18:32:35 - Controlepunt van systeem
    RP1269: 3-3-2011 20:29:15 - Controlepunt van systeem
    RP1270: 4-3-2011 21:00:59 - Controlepunt van systeem
    RP1271: 6-3-2011 9:03:22 - Controlepunt van systeem
    RP1272: 7-3-2011 17:50:26 - Controlepunt van systeem
    RP1273: 8-3-2011 19:00:17 - Software Distribution Service 3.0
    RP1274: 9-3-2011 15:29:56 - Software Distribution Service 3.0
    RP1275: 9-3-2011 19:00:17 - Software Distribution Service 3.0
    RP1276: 10-3-2011 14:32:46 - Installed VirtualDJ Home FREE
    RP1277: 11-3-2011 20:24:09 - Controlepunt van systeem
    RP1278: 12-3-2011 21:39:09 - Controlepunt van systeem
    RP1279: 13-3-2011 22:46:53 - Controlepunt van systeem
    RP1280: 15-3-2011 13:33:50 - Controlepunt van systeem
    RP1281: 16-3-2011 15:54:06 - Controlepunt van systeem
    RP1282: 17-3-2011 18:24:59 - Controlepunt van systeem
    RP1283: 18-3-2011 22:42:31 - Controlepunt van systeem
    RP1284: 20-3-2011 10:55:40 - Controlepunt van systeem
    RP1285: 21-3-2011 15:35:48 - Controlepunt van systeem
    RP1286: 22-3-2011 17:10:57 - Controlepunt van systeem
    RP1287: 23-3-2011 19:20:17 - Controlepunt van systeem
    RP1288: 24-3-2011 19:00:17 - Software Distribution Service 3.0
    RP1289: 25-3-2011 21:35:37 - Controlepunt van systeem
    RP1290: 27-3-2011 14:39:21 - Controlepunt van systeem
    RP1291: 28-3-2011 17:52:09 - Controlepunt van systeem
    RP1292: 29-3-2011 19:00:03 - Controlepunt van systeem
    RP1293: 30-3-2011 20:08:48 - Controlepunt van systeem
    RP1294: 31-3-2011 20:59:38 - Controlepunt van systeem
    RP1295: 1-4-2011 21:44:14 - Controlepunt van systeem
    RP1296: 3-4-2011 14:26:25 - Controlepunt van systeem
    RP1297: 4-4-2011 18:11:58 - Controlepunt van systeem
    RP1298: 5-4-2011 18:34:59 - Controlepunt van systeem
    RP1299: 6-4-2011 19:54:16 - Controlepunt van systeem
    RP1300: 7-4-2011 20:13:14 - Controlepunt van systeem
    RP1301: 8-4-2011 21:01:54 - Controlepunt van systeem
    RP1302: 9-4-2011 21:28:06 - Controlepunt van systeem
    RP1303: 11-4-2011 16:36:34 - Controlepunt van systeem
    RP1304: 12-4-2011 17:54:26 - Controlepunt van systeem
    RP1305: 13-4-2011 18:12:00 - Controlepunt van systeem
    RP1306: 13-4-2011 19:00:21 - Software Distribution Service 3.0
    RP1307: 14-4-2011 21:29:56 - Controlepunt van systeem
    RP1308: 15-4-2011 22:35:38 - Controlepunt van systeem
    RP1309: 17-4-2011 14:00:43 - Controlepunt van systeem
    RP1310: 18-4-2011 14:54:09 - Controlepunt van systeem
    RP1311: 19-4-2011 15:38:23 - Controlepunt van systeem
    RP1312: 20-4-2011 15:51:58 - Controlepunt van systeem
    RP1313: 21-4-2011 18:24:20 - Controlepunt van systeem
    RP1314: 21-4-2011 19:00:17 - Software Distribution Service 3.0
    RP1315: 22-4-2011 19:35:57 - Controlepunt van systeem
    RP1316: 24-4-2011 10:45:34 - Controlepunt van systeem
    RP1317: 25-4-2011 11:27:28 - Controlepunt van systeem
    RP1318: 26-4-2011 11:28:18 - Controlepunt van systeem
    RP1319: 27-4-2011 13:55:42 - Controlepunt van systeem
    RP1320: 28-4-2011 13:00:19 - Software Distribution Service 3.0
    RP1321: 29-4-2011 16:25:22 - Controlepunt van systeem
    RP1322: 30-4-2011 18:02:29 - Controlepunt van systeem
    RP1323: 2-5-2011 12:26:05 - Controlepunt van systeem
    RP1324: 2-5-2011 22:02:50 - Installed HiJackThis
    RP1325: 4-5-2011 11:01:12 - Controlepunt van systeem
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Illustrator 10 Tryout
    Adobe Reader 8.1.2 - Nederlands
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player 11.5
    Adobe SVG Viewer 3.0
    AiO_Scan_CDA
    AiOSoftwareNPI
    ASUS Enhanced Display Driver
    ASUS nVIDIA Driver
    ASUS_Ai_Proactive_Screensaver (E)
    µTorrent
    Beveiligingsupdate for Windows XP (KB923689)
    Beveiligingsupdate for Windows XP (KB941569)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2416400)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2482017)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2497640)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
    Beveiligingsupdate voor Windows Media Player (KB2378111)
    Beveiligingsupdate voor Windows Media Player (KB911564)
    Beveiligingsupdate voor Windows Media Player (KB952069)
    Beveiligingsupdate voor Windows Media Player (KB954155)
    Beveiligingsupdate voor Windows Media Player (KB968816)
    Beveiligingsupdate voor Windows Media Player (KB973540)
    Beveiligingsupdate voor Windows Media Player (KB975558)
    Beveiligingsupdate voor Windows Media Player (KB978695)
    Beveiligingsupdate voor Windows Media Player (KB979402)
    Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
    Beveiligingsupdate voor Windows Media Player 9 (KB917734)
    Beveiligingsupdate voor Windows Media Player 9 (KB936782)
    Beveiligingsupdate voor Windows XP (KB2079403)
    Beveiligingsupdate voor Windows XP (KB2115168)
    Beveiligingsupdate voor Windows XP (KB2121546)
    Beveiligingsupdate voor Windows XP (KB2160329)
    Beveiligingsupdate voor Windows XP (KB2229593)
    Beveiligingsupdate voor Windows XP (KB2259922)
    Beveiligingsupdate voor Windows XP (KB2279986)
    Beveiligingsupdate voor Windows XP (KB2286198)
    Beveiligingsupdate voor Windows XP (KB2296011)
    Beveiligingsupdate voor Windows XP (KB2296199)
    Beveiligingsupdate voor Windows XP (KB2347290)
    Beveiligingsupdate voor Windows XP (KB2360937)
    Beveiligingsupdate voor Windows XP (KB2387149)
    Beveiligingsupdate voor Windows XP (KB2393802)
    Beveiligingsupdate voor Windows XP (KB2412687)
    Beveiligingsupdate voor Windows XP (KB2419632)
    Beveiligingsupdate voor Windows XP (KB2423089)
    Beveiligingsupdate voor Windows XP (KB2436673)
    Beveiligingsupdate voor Windows XP (KB2440591)
    Beveiligingsupdate voor Windows XP (KB2443105)
    Beveiligingsupdate voor Windows XP (KB2476687)
    Beveiligingsupdate voor Windows XP (KB2478960)
    Beveiligingsupdate voor Windows XP (KB2478971)
    Beveiligingsupdate voor Windows XP (KB2479628)
    Beveiligingsupdate voor Windows XP (KB2479943)
    Beveiligingsupdate voor Windows XP (KB2481109)
    Beveiligingsupdate voor Windows XP (KB2483185)
    Beveiligingsupdate voor Windows XP (KB2485376)
    Beveiligingsupdate voor Windows XP (KB2485663)
    Beveiligingsupdate voor Windows XP (KB2503658)
    Beveiligingsupdate voor Windows XP (KB2506212)
    Beveiligingsupdate voor Windows XP (KB2506223)
    Beveiligingsupdate voor Windows XP (KB2507618)
    Beveiligingsupdate voor Windows XP (KB2508272)
    Beveiligingsupdate voor Windows XP (KB2508429)
    Beveiligingsupdate voor Windows XP (KB2509553)
    Beveiligingsupdate voor Windows XP (KB2511455)
    Beveiligingsupdate voor Windows XP (KB2524375)
    Beveiligingsupdate voor Windows XP (KB913433)
    Beveiligingsupdate voor Windows XP (KB923561)
    Beveiligingsupdate voor Windows XP (KB938464)
    Beveiligingsupdate voor Windows XP (KB946648)
    Beveiligingsupdate voor Windows XP (KB950760)
    Beveiligingsupdate voor Windows XP (KB950762)
    Beveiligingsupdate voor Windows XP (KB950974)
    Beveiligingsupdate voor Windows XP (KB951066)
    Beveiligingsupdate voor Windows XP (KB951376-v2)
    Beveiligingsupdate voor Windows XP (KB951376)
    Beveiligingsupdate voor Windows XP (KB951698)
    Beveiligingsupdate voor Windows XP (KB951748)
    Beveiligingsupdate voor Windows XP (KB952004)
    Beveiligingsupdate voor Windows XP (KB952954)
    Beveiligingsupdate voor Windows XP (KB953839)
    Beveiligingsupdate voor Windows XP (KB954211)
    Beveiligingsupdate voor Windows XP (KB954459)
    Beveiligingsupdate voor Windows XP (KB954600)
    Beveiligingsupdate voor Windows XP (KB955069)
    Beveiligingsupdate voor Windows XP (KB956391)
    Beveiligingsupdate voor Windows XP (KB956572)
    Beveiligingsupdate voor Windows XP (KB956744)
    Beveiligingsupdate voor Windows XP (KB956802)
    Beveiligingsupdate voor Windows XP (KB956803)
    Beveiligingsupdate voor Windows XP (KB956841)
    Beveiligingsupdate voor Windows XP (KB956844)
    Beveiligingsupdate voor Windows XP (KB957095)
    Beveiligingsupdate voor Windows XP (KB957097)
    Beveiligingsupdate voor Windows XP (KB958644)
    Beveiligingsupdate voor Windows XP (KB958687)
    Beveiligingsupdate voor Windows XP (KB958690)
    Beveiligingsupdate voor Windows XP (KB958869)
    Beveiligingsupdate voor Windows XP (KB959426)
    Beveiligingsupdate voor Windows XP (KB960225)
    Beveiligingsupdate voor Windows XP (KB960715)
    Beveiligingsupdate voor Windows XP (KB960803)
    Beveiligingsupdate voor Windows XP (KB960859)
    Beveiligingsupdate voor Windows XP (KB961371)
    Beveiligingsupdate voor Windows XP (KB961373)
    Beveiligingsupdate voor Windows XP (KB961501)
    Beveiligingsupdate voor Windows XP (KB968537)
    Beveiligingsupdate voor Windows XP (KB969059)
    Beveiligingsupdate voor Windows XP (KB969898)
    Beveiligingsupdate voor Windows XP (KB969947)
    Beveiligingsupdate voor Windows XP (KB970238)
    Beveiligingsupdate voor Windows XP (KB970430)
    Beveiligingsupdate voor Windows XP (KB971468)
    Beveiligingsupdate voor Windows XP (KB971486)
    Beveiligingsupdate voor Windows XP (KB971557)
    Beveiligingsupdate voor Windows XP (KB971633)
    Beveiligingsupdate voor Windows XP (KB971657)
    Beveiligingsupdate voor Windows XP (KB972270)
    Beveiligingsupdate voor Windows XP (KB973346)
    Beveiligingsupdate voor Windows XP (KB973354)
    Beveiligingsupdate voor Windows XP (KB973507)
    Beveiligingsupdate voor Windows XP (KB973525)
    Beveiligingsupdate voor Windows XP (KB973869)
    Beveiligingsupdate voor Windows XP (KB973904)
    Beveiligingsupdate voor Windows XP (KB974112)
    Beveiligingsupdate voor Windows XP (KB974318)
    Beveiligingsupdate voor Windows XP (KB974392)
    Beveiligingsupdate voor Windows XP (KB974571)
    Beveiligingsupdate voor Windows XP (KB975025)
    Beveiligingsupdate voor Windows XP (KB975467)
    Beveiligingsupdate voor Windows XP (KB975560)
    Beveiligingsupdate voor Windows XP (KB975561)
    Beveiligingsupdate voor Windows XP (KB975562)
    Beveiligingsupdate voor Windows XP (KB975713)
    Beveiligingsupdate voor Windows XP (KB977165-v2)
    Beveiligingsupdate voor Windows XP (KB977816)
    Beveiligingsupdate voor Windows XP (KB977914)
    Beveiligingsupdate voor Windows XP (KB978037)
    Beveiligingsupdate voor Windows XP (KB978251)
    Beveiligingsupdate voor Windows XP (KB978262)
    Beveiligingsupdate voor Windows XP (KB978338)
    Beveiligingsupdate voor Windows XP (KB978542)
    Beveiligingsupdate voor Windows XP (KB978601)
    Beveiligingsupdate voor Windows XP (KB978706)
    Beveiligingsupdate voor Windows XP (KB979309)
    Beveiligingsupdate voor Windows XP (KB979482)
    Beveiligingsupdate voor Windows XP (KB979559)
    Beveiligingsupdate voor Windows XP (KB979683)
    Beveiligingsupdate voor Windows XP (KB979687)
    Beveiligingsupdate voor Windows XP (KB980195)
    Beveiligingsupdate voor Windows XP (KB980218)
    Beveiligingsupdate voor Windows XP (KB980232)
    Beveiligingsupdate voor Windows XP (KB980436)
    Beveiligingsupdate voor Windows XP (KB981322)
    Beveiligingsupdate voor Windows XP (KB981852)
    Beveiligingsupdate voor Windows XP (KB981957)
    Beveiligingsupdate voor Windows XP (KB981997)
    Beveiligingsupdate voor Windows XP (KB982132)
    Beveiligingsupdate voor Windows XP (KB982214)
    Beveiligingsupdate voor Windows XP (KB982665)
    Beveiligingsupdate voor Windows XP (KB982802)
    BufferChm
    C5100
    c5100_Help
    CCleaner
    Compatibiliteitspakket voor het 2007 Microsoft Office system
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Panorama1Config
    cp_PosterPrintConfig
    CueTour
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    eSupportQFolder
    Fax_CDA
    Firebird 1.5.2.4731
    forteManager
    Free Audio CD Burner version 1.4.7
    Free YouTube Download 2.6
    Free YouTube to MP3 Converter version 3.9.35.324
    FullDPAppQFolder
    Google Earth
    Google Update Helper
    Hema Fotoalbum
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix voor Windows Internet Explorer 7 (KB947864)
    Hotfix voor Windows XP (KB2158563)
    Hotfix voor Windows XP (KB2443685)
    Hotfix voor Windows XP (KB952287)
    Hotfix voor Windows XP (KB961118)
    Hotfix voor Windows XP (KB970653-v3)
    Hotfix voor Windows XP (KB976098-v2)
    Hotfix voor Windows XP (KB979306)
    Hotfix voor Windows XP (KB981793)
    HP Document Viewer 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Solution Center 7.0
    HPPhotoSmartExpress
    HPProductAssistant
    InstantShareDevices
    InstantShareDevicesMFC
    Intel(R) Integrated Performance Primitives RTI 4.0
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 7
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 24
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    Junk Mail filter update
    Kaspersky Internet Security 2010
    Logitech QuickCam-software
    Logitech® Camera-stuurprogramma
    Malwarebytes' Anti-Malware
    Managed DirectX (0900)
    Messenger Plus! 5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Dutch Language Pack
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (Dutch) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero Suite
    NewCopy_CDA
    No23 Recorder
    NVIDIA Drivers
    OCR Software by I.R.I.S 7.0
    PanoStandAlone
    PC Probe II
    PhotoGallery
    Picasa 3
    PL-2303 USB-to-Serial
    ProductContextNPI
    RandMap
    Readme
    Scan
    ScannerCopy
    SDK
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    SHOUTcast DNAS (remove only)
    SkinsHP1
    SolutionCenter
    Sonic_PrimoSDK
    SoundMAX
    Status
    Streamer (remove only)
    Toolbox
    TrayApp
    Uninstall 1.0.0.1
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update voor Windows Internet Explorer 8 (KB968220)
    Update voor Windows Internet Explorer 8 (KB976662)
    Update voor Windows Internet Explorer 8 (KB976749)
    Update voor Windows Internet Explorer 8 (KB980182)
    Update voor Windows XP (KB2141007)
    Update voor Windows XP (KB2345886)
    Update voor Windows XP (KB2467659)
    Update voor Windows XP (KB951072-v2)
    Update voor Windows XP (KB951978)
    Update voor Windows XP (KB955759)
    Update voor Windows XP (KB955839)
    Update voor Windows XP (KB961503)
    Update voor Windows XP (KB967715)
    Update voor Windows XP (KB968389)
    Update voor Windows XP (KB971029)
    Update voor Windows XP (KB971737)
    Update voor Windows XP (KB973687)
    Update voor Windows XP (KB973815)
    VirtualDJ Home FREE
    VU Leerling
    WebFldrs XP
    WebReg
    Winamp
    Winamp Applicatie Detect
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live - Hulpprogramma voor uploaden
    Windows Live aanmeldhulp
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinRAR
    Wolters-Noordhoff Moderne Wiskunde/WiskDisk 1 vmbo gth
    .
    ==== End Of File ===========================

    [hjt]
    .
    dds (ver_11-03-05.01) - ntfsx86
    run by eigenaar at 21:04:23,35 on wo 04-05-2011
    internet explorer: 8.0.6001.18702
    microsoft windows xp home edition 5.1.2600.3.1252.31.1043.18.2047.1478 [gmt 2:00]
    .
    av: kaspersky internet security *enabled/updated* {2c4d4bc6-0793-4956-a9f9-e252435469c0}
    fw: norton internet worm protection *disabled*
    fw: kaspersky internet security *enabled*
    .
    ============== running processes ===============
    .
    c:\windows\system32\svchost.exe -k dcomlaunch
    svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    c:\windows\system32\spoolsv.exe
    c:\windows\explorer.exe
    c:\program files\analog devices\core\smax4pnp.exe
    c:\program files\hp\hp software update\hpwuschd2.exe
    c:\windows\system32\rundll32.exe
    c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe
    c:\program files\common files\java\java update\jusched.exe
    c:\windows\system32\ctfmon.exe
    svchost.exe
    c:\windows\atkkbservice.exe
    c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe
    svchost.exe
    c:\program files\firebird\firebird_1_5\bin\fbguard.exe
    c:\program files\java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\hpzipm12.exe
    c:\windows\system32\svchost.exe -k imgsvc
    c:\program files\firebird\firebird_1_5\bin\fbserver.exe
    c:\windows\system32\svchost.exe -k httpfilter
    c:\program files\internet explorer\iexplore.exe
    c:\program files\internet explorer\iexplore.exe
    c:\program files\internet explorer\iexplore.exe
    c:\documents and settings\eigenaar\bureaublad\dds.scr
    .
    ============== pseudo hjt report ===============
    .
    ustart page = hxxp://google.nl/
    usearchmigrateddefaulturl = hxxp://www.google.com/search?q={searchterms}&sourceid=ie7&rls=com.microsoft:en-us&ie=utf8&oe=utf8
    usearchurl,(default) = hxxp://g.msn.nl/0senlnl/saos01?form=toolbr
    bho: adobe pdf reader help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3}[/color:56fa995f4f] - c:\program files\common files\adobe\acrobat\activex\[/color:56fa995f4f]acroiehelper.dll[/color:56fa995f4f]
    bho: {5c255c8a-e604-49b4-9d64-90988571cecb}[/color:56fa995f4f] - no file
    bho: search helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b}[/color:56fa995f4f] - c:\program files\microsoft\search enhancement pack\search helper\[/color:56fa995f4f]sepsearchhelperie.dll[/color:56fa995f4f]
    bho: {9030d464-4c02-4abf-8ecc-5164760863c6}[/color:56fa995f4f] - no file
    bho: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1}[/color:56fa995f4f] - no file
    bho: java™ plug-in 2 ssv helper: {dbc80044-a445-435b-bc74-9c25c1c588a9}[/color:56fa995f4f] - c:\program files\java\jre6\bin\[/color:56fa995f4f]jp2ssv.dll[/color:56fa995f4f]
    bho: filterbho class: {e33cf602-d945-461a-83f0-819f76a199f8}[/color:56fa995f4f] - c:\program files\kaspersky lab\kaspersky internet security 2010\[/color:56fa995f4f]klwtbbho.dll[/color:56fa995f4f]
    bho: jqsiestartdetectorimpl class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c}[/color:56fa995f4f] - c:\program files\java\jre6\lib\deploy\jqs\ie\[/color:56fa995f4f]jqs_plugin.dll[/color:56fa995f4f]
    tb: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7}[/color:56fa995f4f] - no file
    tb: {c4069e3a-68f1-403e-b40e-20066696354b}[/color:56fa995f4f] - no file
    tb: {bc4ffe41-de9f-46fa-b455-aad49b9f9938}[/color:56fa995f4f] - no file
    tb: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0}[/color:56fa995f4f] - no file
    tb: {21fa44ef-376d-4d53-9b0f-8a89d3229068}[/color:56fa995f4f] - no file
    eb: {201636b8-5827-d6e1-00e7-b19e6a7af837}[/color:56fa995f4f] - mysidesearch browser optimizer
    urun: [b:56fa995f4f][ctfmon.exe][/b:56fa995f4f] c:\windows\system32\[/color:56fa995f4f]ctfmon.exe[/color:56fa995f4f]
    mrun: [b:56fa995f4f][soundmaxpnp][/b:56fa995f4f] c:\program files\analog devices\core\[/color:56fa995f4f]smax4pnp.exe[/color:56fa995f4f]
    mrun: [b:56fa995f4f][hp software update][/b:56fa995f4f] c:\program files\hp\hp software update\[/color:56fa995f4f]hpwuschd2.exe[/color:56fa995f4f]
    mrun: [b:56fa995f4f][bluetoothauthenticationagent][/b:56fa995f4f] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
    mrun: [b:56fa995f4f][adobe reader speed launcher][/b:56fa995f4f] c:\program files\adobe\reader 8.0\reader\[/color:56fa995f4f]reader_sl.exe[/color:56fa995f4f]
    mrun: [b:56fa995f4f][nvcpldaemon][/b:56fa995f4f] rundll32.exe c:\windows\system32\[/color:56fa995f4f]nvcpl.dll[/color:56fa995f4f],nvstartup
    mrun: [b:56fa995f4f][avp][/b:56fa995f4f] c:\program files\kaspersky lab\kaspersky internet security 2010\[/color:56fa995f4f]avp.exe[/color:56fa995f4f]
    mrun: [b:56fa995f4f][sunjavaupdatesched][/b:56fa995f4f] c:\program files\common files\java\java update\[/color:56fa995f4f]jusched.exe[/color:56fa995f4f]
    drun: [b:56fa995f4f][ctfmon.exe][/b:56fa995f4f] c:\windows\system32\[/color:56fa995f4f]ctfmon.exe[/color:56fa995f4f]
    ie: add to google photos screensa&ver - c:\windows\system32\gphotos.scr/200
    ie: free youtube to mp3 converter - c:\documents and settings\eigenaar\application data\dvdvideosoftiehelpers\[/color:56fa995f4f]freeyoutubetomp3converter.htm[/color:56fa995f4f]
    ie: {b7fe5d70-9aa2-40f1-9c6b-12a255f085e1}[/color:56fa995f4f] - c:\program files\partygaming\partypoker\[/color:56fa995f4f]runapp.exe[/color:56fa995f4f]
    ie: {d9288080-1baa-4bc4-9cf8-a92d743db949}[/color:56fa995f4f] - c:\documents and settings\eigenaar\menu start\programma's\imvu\[/color:56fa995f4f]run imvu.lnk[/color:56fa995f4f]
    ie: {e2e2dd38-d088-4134-82b7-f2ba38496583}[/color:56fa995f4f] - %windir%
    etwork diagnostic\[/color:56fa995f4f]xpnetdiag.exe[/color:56fa995f4f]
    ie: {f4430fe8-2638-42e5-b849-800749b94eed}[/color:56fa995f4f] - c:\program files\partygaming.net\partypokernet\[/color:56fa995f4f]runpf.exe[/color:56fa995f4f]
    ie: {f72841f0-4ef1-4df5-bce5-b3ac8acf5478}[/color:56fa995f4f] - res://c:\program files\babylon\babylon-pro\utils\[/color:56fa995f4f]babyloniepi.dll[/color:56fa995f4f]/actiontu.htm
    ie: {fb5f1910-f110-11d2-bb9e-00c04f795683}[/color:56fa995f4f] - c:\program files\messenger\[/color:56fa995f4f]msmsgs.exe[/color:56fa995f4f]
    ie: {2670000a-7350-4f3c-8081-5663ee0c6c49}[/color:56fa995f4f] - {48e73304-e1d6-4330-914c-f5f514e3486c}[/color:56fa995f4f] - c:\progra~1\micros~2\office12\[/color:56fa995f4f]onbttnie.dll[/color:56fa995f4f]
    ie: {4248fe82-7fcb-46ac-b270-339f08212110}[/color:56fa995f4f] - {4248fe82-7fcb-46ac-b270-339f08212110}[/color:56fa995f4f] - c:\program files\kaspersky lab\kaspersky internet security 2010\[/color:56fa995f4f]klwtbbho.dll[/color:56fa995f4f]
    ie: {92780b25-18cc-41c8-b9be-3c9c571a8263}[/color:56fa995f4f] - {ff059e31-cc5a-4e2e-bf3b-96e929d65503}[/color:56fa995f4f] - c:\progra~1\micros~2\office12\[/color:56fa995f4f]refiebar.dll[/color:56fa995f4f]
    ie: {ccf151d8-d089-449f-a5a4-d9909053f20f}[/color:56fa995f4f] - {ccf151d8-d089-449f-a5a4-d9909053f20f}[/color:56fa995f4f] - c:\program files\kaspersky lab\kaspersky internet security 2010\[/color:56fa995f4f]klwtbbho.dll[/color:56fa995f4f]
    dpf: cabbuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/installercontrol.cab
    dpf: {166b1bca-3f9c-11cf-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    dpf: {20a60f0d-9afa-4515-a0fd-83bd84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    dpf: {233c1507-6a77-46a4-9443-f871f945d258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    dpf: {4871a87a-bfdd-4106-8153-ffde2bac2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    dpf: {5d6f45b3-9043-443d-a792-115447494d24} - hxxp://messenger.zone.msn.com/nl-nl/a-uno1/game_uno1.cab
    dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    dpf: {8e0d4de5-3180-4024-a327-4dfad1796a8d} - hxxp://messenger.zone.msn.com/binary/messengerstatsclient.cab31267.cab
    dpf: {a672558f-a878-4d5a-a921-627c091ceb60} - hxxp://data.flatcast.com/npfp415.dll
    dpf: {b8be5e93-a60c-4d26-a2dc-220313175592} - hxxp://messenger.zone.msn.com/binary/zintro.cab56649.cab
    dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} - hxxp://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab
    dpf: {cafeefac-0015-0000-0006-abcdeffedcba} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    dpf: {cafeefac-0015-0000-0007-abcdeffedcba} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    dpf: {cafeefac-0015-0000-0009-abcdeffedcba} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    dpf: {cafeefac-0015-0000-0010-abcdeffedcba} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    dpf: {cafeefac-0015-0000-0011-abcdeffedcba} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    dpf: {cafeefac-0016-0000-0001-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    dpf: {cafeefac-0016-0000-0002-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    dpf: {cafeefac-0016-0000-0003-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    dpf: {cafeefac-0016-0000-0005-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    dpf: {cafeefac-0016-0000-0024-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    dpf: {de625294-70e6-45ed-b895-cffa13aeb044} - hxxp://80.101.154.174/activex/amc.cab
    dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - hxxp://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab
    dpf: {e77f23eb-e7ab-4502-8f37-247dbaf1a147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/msnpupld.cab
    dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} - hxxp://messenger.zone.msn.com/binary/minesweeper.cab56986.cab
    notify: klogon - c:\windows\system32\klogon.dll
    .
    ============= services / drivers ===============
    .
    r0 klbg;kaspersky lab boot guard driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    r1 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
    r1 klif;kaspersky lab driver;c:\windows\system32\drivers\klif.sys [2011-1-21 315408]
    r1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys [2004-11-30 161792]
    r2 avp;kaspersky internet security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
    r2 firebirdguardiandefaultinstance;firebird guardian - defaultinstance;c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s --> c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s [?]
    r2 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-14 55152]
    r3 firebirdserverdefaultinstance;firebird server - defaultinstance;c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s --> c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s [?]
    r3 klim5;kaspersky anti-virus ndis filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
    s2 gupdate;google updateservice (gupdate);c:\program files\google\update\googleupdate.exe [2010-9-12 136176]
    s3 cdrmkaun;cdrmkaun;\??\c:\docume~1\eigenaar\locals~1\temp\cdrmkaun.sys --> c:\docume~1\eigenaar\locals~1\temp\cdrmkaun.sys [?]
    s3 eraserutilrebootdrv;eraserutilrebootdrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys [?]
    s3 gupdatem;google update-service (gupdatem);c:\program files\google\update\googleupdate.exe [2010-9-12 136176]
    s4 fsssvc;windows live family safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    s4 npggsvc;nprotect gameguard service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\gamemon.des -service [?]
    .
    =============== created last 30 ================
    .
    2011-05-03 13:04:34 -------- d-sha-r- c:\cmdcons
    2011-05-03 13:02:29 98816 ----a-w- c:\windows\sed.exe
    2011-05-03 13:02:29 89088 ----a-w- c:\windows\mbr.exe
    2011-05-03 13:02:29 256512 ----a-w- c:\windows\pev.exe
    2011-05-03 13:02:29 161792 ----a-w- c:\windows\swreg.exe
    2011-05-03 07:54:31 -------- d-----w- c:\lop sd
    2011-05-02 20:03:00 388096 ----a-r- c:\docume~1\eigenaar\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\hijackthis.exe
    2011-05-02 20:02:54 -------- d-----w- c:\program files\trend micro
    .
    ==================== find3m ====================
    .
    2011-03-07 05:33:45 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:36:55 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53:36 1858048 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:07:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:07:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:07:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:43:15 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:54:07 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:54:04 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:54:04 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:59 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:59 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-04 17:49:46 22 --sha-w- c:\windows\sys3390 settingscollection.bin
    2011-02-04 17:49:46 22 --sha-w- c:\docume~1\eigenaar\applic~1\sys6925.config collection.sys
    .
    ============= finish: 21:06:27,82 ===============

    [/hjt]
  • Hi big bird, please do the following:

    Open a new Notepad file via "Start\Alle programma’s\Bureau-accessoires\Kladblok".

    Copy and paste the following (bold, blue) text into the empty Notepad window:

    KILLALL::

    FileLook::
    c:\docume~1\eigenaar\applic~1\sys6925.config collection.sys
    c:\windows\sys3390 settingscollection.bin

    Save this Notepad file to your desktop as CFScript.txt.

    Now first disable the antivirus!

    Drag CFScript.txt into ComboFix.exe

    http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

    This will make ComboFix restart. Reboot if you are asked to.

    Post the ComboFix log that is shown after the restart!
  • Hi, here is the new log, I hope you can do something with it.

    ComboFix 11-05-04.03 - Eigenaar 05-05-2011 10:29:47.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1573 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt..txt
    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-05 to 2011-05-05 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-03 07:54 . 2011-05-03 08:03 -------- d-----w- C:\Lop SD
    2011-05-02 20:03 . 2011-05-02 20:03 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-02 20:02 . 2011-05-02 20:02 -------- d-----w- c:\program files\Trend Micro
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2006-07-12 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:36 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53 . 2004-08-04 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:07 . 2007-05-10 14:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 23:07 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:07 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 11:43 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2004-08-04 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2004-08-04 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2004-08-04 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:54 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:54 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2004-08-04 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-04 17:49 . 2011-02-04 17:49 22 --sha-w- c:\documents and settings\Eigenaar\Application Data\Sys6925.Config Collection.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\docume~1\eigenaar\applic~1\sys6925.config collection.sys ---
    Company: ------
    File Description: ------
    File Version: ------
    Product Name: ------
    Copyright: ------
    Original Filename: ------
    File size: 22
    Created time: 2011-02-04 17:49
    Modified time: 2011-02-04 17:49
    MD5: 21F4B3E440C82C5575F236CAAB3B2542
    SHA1: 38A74D6BF6B95A3D4B56FF637706282AA5DBD4D0
    .
    .
    --- c:\windows\sys3390 settingscollection.bin ---
    Company: ------
    File Description: ------
    File Version: ------
    Product Name: ------
    Copyright: ------
    Original Filename: ------
    File size: 22
    Created time: 2011-02-04 17:49
    Modified time: 2011-02-04 17:49
    MD5: 21F4B3E440C82C5575F236CAAB3B2542
    SHA1: 38A74D6BF6B95A3D4B56FF637706282AA5DBD4D0
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-05-03_13.14.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-05-04 05:57 . 2011-05-04 05:57 16384 c:\windows\Temp\Perflib_Perfdata_4e4.dat
    - 2004-08-04 12:00 . 2011-05-03 05:51 90934 c:\windows\system32\perfc013.dat
    + 2004-08-04 12:00 . 2011-05-05 06:02 90934 c:\windows\system32\perfc013.dat
    - 2004-08-04 12:00 . 2011-05-03 05:51 71374 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2011-05-05 06:02 71374 c:\windows\system32\perfc009.dat
    - 2007-06-07 09:36 . 2011-05-01 17:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-06-07 09:36 . 2011-05-05 07:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-06-07 09:36 . 2011-05-05 07:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2007-06-07 09:36 . 2011-05-01 17:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2011-05-03 20:33 . 2011-05-05 07:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2007-06-07 09:36 . 2011-05-01 17:19 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2011-05-03 17:20 . 2011-05-03 17:20 21504 c:\windows\Installer\263b5.msi
    + 2004-08-04 12:00 . 2011-05-05 06:02 509242 c:\windows\system32\perfh013.dat
    - 2004-08-04 12:00 . 2011-05-03 05:51 509242 c:\windows\system32\perfh013.dat
    + 2004-08-04 12:00 . 2011-05-05 06:02 441438 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2011-05-03 05:51 441438 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-07-08 925696]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2011-01-21 340520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Photosmart Premier Snelstart.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Photosmart Premier Snelstart.lnk
    backup=c:\windows\pss\HP Photosmart Premier Snelstart.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
    path=c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
    backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
    2007-06-12 10:32 291328 ----a-w- c:\program files\Portrait Displays\forteManager\dthtml.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    2004-10-27 13:21 61952 ------w- c:\windows\system32\HdAShCut.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    2005-06-08 12:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    2005-06-08 13:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    2005-06-08 13:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2005-07-19 15:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-12-09 19:06 7311360 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2005-12-09 19:06 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2005-12-09 19:06 1519616 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "HP Status Server"=3 (0x3)
    "HP Port Resolver"=3 (0x3)
    "ose"=3 (0x3)
    "fsssvc"=3 (0x3)
    "DTSRVC"=2 (0x2)
    "Crypkey License"=2 (0x2)
    "npggsvc"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "gusvc"=3 (0x3)
    "gupdate"=2 (0x2)
    "SeaPort"=2 (0x2)
    "odserv"=3 (0x3)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "AVP"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14-10-2009 21:18 36880]
    R1 sdpiosys;sdpiosys;c:\windows\system32\drivers\SDPIOSYS.SYS [30-11-2004 12:10 161792]
    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14-9-2009 14:42 32272]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12-9-2010 20:17 136176]
    S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\Eigenaar\LOCALS~1\Temp\cdrmkaun.sys --> c:\docume~1\Eigenaar\LOCALS~1\Temp\cdrmkaun.sys [?]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12-9-2010 20:17 136176]
    S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-12 18:17]
    .
    2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-12 18:17]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Free YouTube to MP3 Converter - c:\documents and settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Eigenaar\Menu Start\Programma's\IMVU\Run IMVU.lnk
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {A672558F-A878-4D5A-A921-627C091CEB60} - hxxp://data.flatcast.com/NpFp415.dll
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.101.154.174/activex/AMC.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-05 10:37
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'explorer.exe'(3628)
    c:\windows\system32\webcheck.dll
    .
    Voltooingstijd: 2011-05-05 10:43:06
    ComboFix-quarantined-files.txt 2011-05-05 08:43
    ComboFix2.txt 2011-05-03 13:17
    .
    Pre-Run: 257.094.103.040 bytes beschikbaar
    Post-Run: 257.104.240.640 bytes beschikbaar
    .
    - - End Of File - - 192F18D4049DB6BA3EF46D189D6895CD
  • Hi big bird, well done, now we are going to do it again!

    Once again open a new Notepad file via "Start\Alle programma’s\Bureau-accessoires\Kladblok".

    Copy and paste the following (bold, blue) text into the empty Notepad window:

    File::
    c:\windows\sys3390 settingscollection.bin
    c:\docume~1\eigenaar\applic~1\sys6925.config collection.sys

    Save this Notepad file to your desktop as CFScript.txt.

    Now first disable the antivirus!

    Drag CFScript.txt into ComboFix.exe

    http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

    This will make ComboFix restart. Reboot if you are asked to.

    Post the ComboFix log that is shown after the restart!
  • I misread, it's coming right up.
  • Here it is, I hope this lets us make further progress.

    ComboFix 11-05-04.03 - Eigenaar 05-05-2011 11:18:37.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1544 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt..txt
    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .
    FILE ::
    "c:\docume~1\eigenaar\applic~1\sys6925.config collection.sys"
    "c:\windows\sys3390 settingscollection.bin"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\eigenaar\applic~1\sys6925.config collection.sys
    c:\windows\sys3390 settingscollection.bin
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-05 to 2011-05-05 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-03 07:54 . 2011-05-03 08:03 -------- d-----w- C:\Lop SD
    2011-05-02 20:03 . 2011-05-02 20:03 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-02 20:02 . 2011-05-02 20:02 -------- d-----w- c:\program files\Trend Micro
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2006-07-12 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:36 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53 . 2004-08-04 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:07 . 2007-05-10 14:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 23:07 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:07 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 11:43 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2004-08-04 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2004-08-04 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2004-08-04 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:54 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:54 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2004-08-04 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-05-03_13.14.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-05-04 05:57 . 2011-05-04 05:57 16384 c:\windows\Temp\Perflib_Perfdata_4e4.dat
    - 2004-08-04 12:00 . 2011-05-03 05:51 90934 c:\windows\system32\perfc013.dat
    + 2004-08-04 12:00 . 2011-05-05 06:02 90934 c:\windows\system32\perfc013.dat
    - 2004-08-04 12:00 . 2011-05-03 05:51 71374 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2011-05-05 06:02 71374 c:\windows\system32\perfc009.dat
    - 2007-06-07 09:36 . 2011-05-01 17:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-06-07 09:36 . 2011-05-05 07:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-06-07 09:36 . 2011-05-05 07:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2007-06-07 09:36 . 2011-05-01 17:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2011-05-03 20:33 . 2011-05-05 07:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2007-06-07 09:36 . 2011-05-01 17:19 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2011-05-03 17:20 . 2011-05-03 17:20 21504 c:\windows\Installer\263b5.msi
    + 2004-08-04 12:00 . 2011-05-05 06:02 509242 c:\windows\system32\perfh013.dat
    - 2004-08-04 12:00 . 2011-05-03 05:51 509242 c:\windows\system32\perfh013.dat
    + 2004-08-04 12:00 . 2011-05-05 06:02 441438 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2011-05-03 05:51 441438 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-07-08 925696]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2011-01-21 340520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Photosmart Premier Snelstart.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Photosmart Premier Snelstart.lnk
    backup=c:\windows\pss\HP Photosmart Premier Snelstart.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
    path=c:\documents and settings\Eigenaar\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
    backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
    2007-06-12 10:32 291328 ----a-w- c:\program files\Portrait Displays\forteManager\dthtml.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    2004-10-27 13:21 61952 ------w- c:\windows\system32\HdAShCut.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    2005-06-08 12:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    2005-06-08 13:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    2005-06-08 13:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2005-07-19 15:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-12-09 19:06 7311360 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2005-12-09 19:06 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2005-12-09 19:06 1519616 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "HP Status Server"=3 (0x3)
    "HP Port Resolver"=3 (0x3)
    "ose"=3 (0x3)
    "fsssvc"=3 (0x3)
    "DTSRVC"=2 (0x2)
    "Crypkey License"=2 (0x2)
    "npggsvc"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "gusvc"=3 (0x3)
    "gupdate"=2 (0x2)
    "SeaPort"=2 (0x2)
    "odserv"=3 (0x3)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "AVP"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14-10-2009 21:18 36880]
    R1 sdpiosys;sdpiosys;c:\windows\system32\drivers\SDPIOSYS.SYS [30-11-2004 12:10 161792]
    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14-9-2009 14:42 32272]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12-9-2010 20:17 136176]
    S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\Eigenaar\LOCALS~1\Temp\cdrmkaun.sys --> c:\docume~1\Eigenaar\LOCALS~1\Temp\cdrmkaun.sys [?]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12-9-2010 20:17 136176]
    S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-12 18:17]
    .
    2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-12 18:17]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Free YouTube to MP3 Converter - c:\documents and settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Eigenaar\Menu Start\Programma's\IMVU\Run IMVU.lnk
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {A672558F-A878-4D5A-A921-627C091CEB60} - hxxp://data.flatcast.com/NpFp415.dll
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.101.154.174/activex/AMC.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-05 11:24
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Voltooingstijd: 2011-05-05 11:26:53
    ComboFix-quarantined-files.txt 2011-05-05 09:26
    ComboFix2.txt 2011-05-05 08:43
    ComboFix3.txt 2011-05-03 13:17
    .
    Pre-Run: 257.108.664.320 bytes beschikbaar
    Post-Run: 257.098.231.808 bytes beschikbaar
    .
    - - End Of File - - 5E2C2EFC7FC97E8D29BD83432B9DE58F

This is an archived page. Replying is no longer possible.