Help, problem with SmitFraud, I think

M@rc
9 replies
  • Can anyone help me?
    For several days I have been getting the message "De bewerking is geannuleerd van op uw systeem geldende beperkingen. Neem contact op met de systeembeheerder."

    I get it when I try to open my Control Panel or when I try to uninstall something.

    I had already read on Google that it has to do with SmitFraud, but I have no idea what to do.

    Can anyone help me?

    Here is the HijackThis log file:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:00:06, on 19/10/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Windows\System32\cmd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Eigenaar\Application Data\IEMonitor.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Eigenaar\Application Data\IDMan.exe
    C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.google.be
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Eigenaar\Application Data\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HDD Regenerator] C:\Program Files\HDD Regenerator\HDD Regenerator.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Windows Update] C:\Documents and Settings\Eigenaar\Sjablonen\Server.exe
    O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Eigenaar\Application Data\IDMan.exe /onboot
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Eigenaar\Application Data\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Eigenaar\Application Data\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Eigenaar\Application Data\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office 2007\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    O8 - Extra context menu item: Verzenden naar &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: &Virtueel toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office 2007\Office12\REFIEBAR.DLL
    O9 - Extra button: URL Adviseur - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206368452921
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c987be2657cb96) (gupdate1c987be2657cb96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe


    End of file - 12282 bytes

    Thanks in advance
  • Hello,

    Your Windows is not updated at all. You are still running SP2 and you really should have SP3 installed. This leaves the computer vulnerable.

    Close all open windows.
    Start HijackThis once more and tick the following items:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
    O4 - HKCU\..\Run: [Windows Update] C:\Documents and Settings\Eigenaar\Sjablonen\Server.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    Then click "Fix checked" and close HijackThis.

    Restart the computer.

    Now first run a scan with Malwarebytes' Anti-Malware (MBAM).

    If you have already run a scan with this program today, post the most recent log.
    You can find it as follows:
    - Start Malwarebytes' Anti-Malware (MBAM).
    - Click the "Logs" tab. There you will find an overview of the logs created by MBAM. They are saved as mbam-log-year-month-day (time).txt.
    - Pick the most recent one and double-click it. The log file opens.
    - Post the contents of the log file.


    If you already have Malwarebytes' Anti-Malware (MBAM) on the computer and you have not run a new scan recently (today), do this:
    - Start MBAM.
    - Go to the "Update" tab.
    - Click the "Check for Updates" button. MBAM now connects to the servers to download the latest definitions and will install them.
    - Go to the "Scanner" tab.
    - Select "Quick Scan" and click the "Scan" button. Malwarebytes' Anti-Malware will now scan the computer.
    - When the scan is finished, click OK, then "Show Results" to see the results.
    - If MBAM finds anything, make sure that everything is ticked and then click: Remove Selected.
    - After the removal a log will open and you will be asked to restart the computer. Allow the computer to restart. Do this immediately!!
    - After the restart, start Malwarebytes' Anti-Malware again.
    - Click the "Logs" tab. There you will find an overview of the logs created by MBAM. They are saved as mbam-log-year-month-day (time).txt.
    - Pick the most recent one and double-click it. The log file opens.
    - Post the contents of the log file.


    If you have not yet run a scan with Malwarebytes' Anti-Malware, follow these instructions:
    - Download MBAM (Malwarebytes' Anti-Malware) here or here.
    - Double-click mbam-setup.exe to start the installation.
    - Make sure that Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are ticked.
    - Then click "Finish".
    - If an update is found, it will be downloaded and installed.
    - When the program is fully up to date, select the Scanner tab.
    - Select "Quick Scan" and click the "Scan" button. Malwarebytes' Anti-Malware will now scan the computer.
    - The scan can take a while, so be patient.
    - When the scan is finished, click OK, then "Show Results" to see the results.
    - If MBAM finds anything, make sure that everything is ticked and then click: Remove Selected.
    - After the removal a log will open and you will be asked to restart the computer. Allow the computer to restart. Do this immediately!!
    - After the restart, start Malwarebytes' Anti-Malware again.
    - Click the "Logs" tab. There you will find an overview of the logs created by MBAM. They are saved as mbam-log-year-month-day (time).txt.
    - Pick the most recent one and double-click it. The log file opens.
    - Post the contents of the log file.


    Start HijackThis again, create a new log and post it.
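
The three entries ticked in the reply above, expressed as triage checks over a HijackThis log. This is an added example, not part of the original thread and not HijackThis's own logic. The function names, the "OS-sounding name outside system folders" heuristic and the sample lines (copied from the first log) are this example's assumptions; hits are leads for review, not verdicts.

```python
import re

# Constructed sample: a few lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Update] C:\Documents and Settings\Eigenaar\Sjablonen\Server.exe
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Eigenaar\Application Data\IDMan.exe /onboot
O4 - Global Startup: BTTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")                # "O4 - ..."
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[([^\]]+)\] (.+)$")    # Run / RunOnce
POLICY_RE = re.compile(r"\\Policies\\.*?(\w+)=1\s*$", re.IGNORECASE)

# Assumptions of this example (Windows XP layout, as in the posted log).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                   "%systemroot%\\", "%programfiles%\\")
OS_SOUNDING = ("windows", "microsoft")


def check_userinit(detail):
    """F2: return every Userinit target other than the stock userinit.exe."""
    if "userinit=" not in detail.lower():
        return []
    value = detail.split("=", 1)[1]
    targets = [t.strip() for t in value.split(",") if t.strip()]
    return [t for t in targets if t.lower() != DEFAULT_USERINIT]


def check_run(detail):
    """O4: flag a Run value whose name sounds like an OS component while the
    program it launches sits outside the system and Program Files folders."""
    m = RUN_RE.match(detail)
    if not m:
        return None  # startup-folder entries and other O4 shapes are skipped
    name, target = m.group(1), m.group(2)
    path = target.lstrip('"').lower()
    claims_os = any(word in name.lower() for word in OS_SOUNDING)
    if claims_os and not path.startswith(SYSTEM_PREFIXES):
        return f"Run value [{name}] looks like an OS component but launches {target}"
    return None


def triage(log_text):
    """Return (section, reason) pairs for log lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, process list, blank lines
        section, detail = m.groups()
        if section == "F2":
            for extra in check_userinit(detail):
                findings.append((section, f"extra Userinit target: {extra}"))
        elif section == "O4":
            reason = check_run(detail)
            if reason:
                findings.append((section, reason))
        elif section == "O7":
            pm = POLICY_RE.search(detail)
            if pm:
                findings.append((section, f"policy restriction set: {pm.group(1)}=1"))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}")
```
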
  • Thanks, I'll test right away whether it works :D
  • This is the MBAM log file

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Databaseversie: 4882

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    19/10/2010 18:13:13
    mbam-log-2010-10-19 (18-13-13).txt

    Scantype: Snelle scan
    Objecten gescand: 143313
    Verstreken tijd: 10 minuut/minuten, 59 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 7
    Registerwaarden geïnfecteerd: 3
    Registerdata geïnfecteerd: 3
    Mappen geïnfecteerd: 1
    Bestanden geïnfecteerd: 5

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DARKNESS (Trojan.Backdoor) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\firevall administrating (Trojan.Backdoor) -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD (Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Eigenaar\Local Settings\Temp\sam.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\id.txt (Malware.Trace) -> Quarantined and deleted successfully.
  • This is the HijackThis log file

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:27:44, on 19/10/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\HDD Regenerator\HDD Regenerator.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\HDD Regenerator\HDD Regenerator.exe
    C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
    C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.google.be
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HDD Regenerator] C:\Program Files\HDD Regenerator\HDD Regenerator.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office 2007\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    O8 - Extra context menu item: Verzenden naar &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: &Virtueel toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office 2007\Office12\REFIEBAR.DLL
    O9 - Extra button: URL Adviseur - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206368452921
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c987be2657cb96) (gupdate1c987be2657cb96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe


    End of file - 11295 bytes
  • That's better already.

    Download combofix.exe from this site: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden .
    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
    Once the Recovery Console is installed, let ComboFix scan the computer.
    When ComboFix starts, you may get an error message saying that the "contents of the ComboFix package has been compromised".
    Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.
    If you get this message, report it here.
    When ComboFix has finished scanning, which may be after a reboot, a logfile (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.
  • This is the ComboFix log

    ComboFix 10-10-18.06 - Eigenaar 19/10/2010 19:06:12.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.510.107 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\hotfile\ComboFix.exe
    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Eigenaar\Application Data\PriceGong
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Eigenaar\Application Data\PriceGong\Data\z.xml
    c:\program files\MalwareWiped
    c:\program files\MalwareWiped\ignorelist.dat
    c:\program files\MalwareWiped\malwarewipe.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSUPDATE
    -------\Legacy_USNJSVC
    -------\Service_usnjsvc


    (((((((((((((((((((( Bestanden Gemaakt van 2010-09-19 to 2010-10-19 ))))))))))))))))))))))))))))))
    .

    2010-10-19 15:57 . 2010-10-19 15:57 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
    2010-10-19 15:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-19 15:56 . 2010-10-19 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-19 15:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-19 15:56 . 2010-10-19 15:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-19 10:21 . 2010-10-19 15:55 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\DMCache
    2010-10-19 10:20 . 2010-10-19 10:21 -------- d-----w- c:\program files\Internet Download Manager
    2010-10-19 10:20 . 2010-10-19 10:20 3205744 ----a-w- c:\documents and settings\Eigenaar\Application Data\idman519.exe
    2010-10-17 18:36 . 2010-10-17 18:38 -------- d-----w- c:\program files\Zoo tycoon 2
    2010-10-15 18:24 . 2010-10-15 18:42 -------- d-----w- c:\program files\HDD Regenerator
    2010-10-15 18:23 . 2010-10-15 18:23 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Downloaded Installations
    2010-10-12 17:02 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
    2010-10-12 17:02 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\dllcache\usbser.sys
    2010-10-12 17:02 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2010-10-12 16:59 . 2010-10-12 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2010-10-12 16:58 . 2010-10-12 16:58 -------- d-----w- c:\program files\Common Files\PCSuite
    2010-10-12 16:57 . 2010-10-12 16:58 -------- d-----w- c:\program files\Common Files\Nokia
    2010-10-12 16:57 . 2010-10-12 16:58 -------- d-----w- c:\program files\DIFX
    2010-10-12 16:56 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-10-12 16:55 . 2010-10-12 16:55 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-10-12 16:54 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
    2010-10-12 16:53 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
    2010-10-12 16:53 . 2009-02-09 06:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
    2010-10-12 16:53 . 2009-02-09 06:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
    2010-10-12 16:53 . 2009-02-09 06:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
    2010-10-12 16:53 . 2009-02-09 06:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
    2010-10-12 16:53 . 2010-10-12 16:58 -------- d-----w- c:\program files\Nokia
    2010-10-12 16:49 . 2010-10-12 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2010-10-10 14:51 . 2010-10-10 14:53 -------- d-----w- c:\program files\CardRecovery
    2010-10-06 16:17 . 2010-10-19 16:35 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
    2010-10-06 15:06 . 2010-10-06 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
    2010-10-06 15:00 . 2010-10-09 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2010-09-29 15:01 . 2009-02-05 08:53 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-09-29 14:56 . 2010-09-29 14:56 -------- d-----w- c:\program files\Intel
    2010-09-29 14:55 . 2010-09-29 14:55 -------- d-----w- C:\Intel
    2010-09-29 14:51 . 2010-09-29 17:25 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Uniblue
    2010-09-29 14:51 . 2010-09-29 16:44 -------- d-----w- c:\program files\Uniblue
    2010-09-29 14:51 . 2010-09-29 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
    2010-09-29 14:49 . 2010-09-29 16:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
    2010-09-29 13:33 . 2010-09-29 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2010-09-27 07:13 . 2010-09-27 07:13 -------- d-----w- c:\program files\7-Zip
    2010-09-23 18:23 . 2010-10-10 15:09 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Conduit
    2010-09-23 18:23 . 2010-10-10 15:10 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\DVDVideoSoftTB
    2010-09-23 18:23 . 2010-09-23 18:23 -------- d-----w- c:\program files\Conduit
    2010-09-23 18:23 . 2010-09-23 18:23 -------- d-----w- c:\program files\DVDVideoSoftTB
    2010-09-23 17:34 . 2010-09-23 17:34 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers
    2010-09-23 17:19 . 2010-09-23 18:33 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\MP-Manager
    2010-09-23 17:17 . 2010-09-23 17:17 -------- d-----w- c:\program files\MPMAN

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
    "SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-08-13 67960]
    "Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-08-16 1877272]
    "Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2007-08-16 1269000]
    "Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-08-16 9495832]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
    "hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-09-01 340520]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "HDD Regenerator"="c:\program files\HDD Regenerator\HDD Regenerator.exe" [2010-09-03 2425104]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-6-2 565309]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-6-7 450560]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFolderInfo"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\docume~1\ALLUSE~1\AVP9\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0smrgdf c:\program files\iolo\System Mechanic Professional 6\\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^MagicDisc.lnk]
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^PowerReg Scheduler.exe]
    backup=c:\windows\pss\PowerReg Scheduler.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^tempdeleter.lnk]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    2004-06-01 10:46 196608 ------w- c:\program files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    2004-06-01 09:09 458752 ------w- c:\program files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-01-31 21:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
    2007-09-15 01:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" /background
    "Instant Access"=rundll32.exe EGDACCESS_1068.dll,InstantAccess
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "eabconfg.cpl"=c:\program files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    "Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe
    "LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
    "MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\javaws.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\Cossacks - The Art Of War\\dmcr.exe"=
    "c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
    "c:\\SPELLEKES\\{PC Game} Star Wars Galactic Battlegrounds\\Stwars_Galactic_Battlegrounds\\Game\\Battlegrounds.exe"=
    "c:\\Documents and Settings\\Eigenaar\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\SPELLEKES\\age of empires\\age2_x1.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\OpenTTD\\openttd.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "c:\\Program Files\\Paradox Entertainment\\Victoria\\Victoria.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [6/09/2010 2:19 169408]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14:42 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 19:39 19472]
    S2 gupdate1c987be2657cb96;Google Update Service (gupdate1c987be2657cb96);c:\program files\Google\Update\GoogleUpdate.exe [5/02/2009 20:18 133104]
    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [30/04/2004 15:35 24832]
    S3 c95af3a9-cdfa-4c5f-862e-40a3146b7d2c;c95af3a9-cdfa-4c5f-862e-40a3146b7d2c;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-10-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-YOUR-FFACC82D80-Eigenaar.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-28 23:25]

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 18:18]

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 18:18]

    2010-09-30 c:\windows\Tasks\Uniblue SpyEraser.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2010-09-29 07:03]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title = www.google.be
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\Microsoft Office 2007\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\ou5wz9uq.Standaardgebruiker\
    FF - prefs.js: browser.startup.homepage - www.google.be
    FF - component: c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\ou5wz9uq.Standaardgebruiker\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\ou5wz9uq.Standaardgebruiker\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - plugin: c:\docume~1\Eigenaar\APPLIC~1\PowerChallenge\nppowerloader.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    ------- Bestandsassociaties -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS VERWIJDERD - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe
    AddRemove-Cossacks - The Art of War Demo - c:\progra~1\Cossacks - The Art of War Demo\UNWISE.EXE
    AddRemove-Quake III Arena - c:\program files\Quake III Arena\QIII.isu


    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-3805080461-1517801316-570759719-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:d6,47,a3,2a,47,07,2b,9e,ed,db,9f,bb,3c,3d,41,eb,28,f1,ba,3a,4c,7f,d2,
    d5,32,73,b5,0f,ef,6b,45,f3,0f,35,78,2d,e7,78,64,57,d4,38,48,43,06,17,b3,d6,\
    "??"=hex:69,18,09,69,1e,36,36,88,0f,b3,0a,6f,73,81,fc,c7
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(452)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\WRLogonNTF.dll

    - - - - - - - > 'explorer.exe'(7464)
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\UAService7.exe
    c:\program files\Logitech\MouseWare\system\em_exec.exe
    c:\program files\Brother\ControlCenter3\brccMCtl.exe
    c:\program files\Brother\Brmfcmon\BrMfimon.exe
    c:\program files\Uniblue\SpeedUpMyPC\sump.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\HPQ\SHARED\HPQWMI.exe
    c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-10-19 19:43:47 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-10-19 17:43

    Pre-Run: 15 559 880 704 bytes beschikbaar
    Post-Run: 15 574 396 928 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=N2VPJK /Kernel=TUKernel.exe
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=N2VPJK-BAK

    - - End Of File - - E7A1D0E07E74C31C8B837F53ED3EA77E







  • This is the HijackThis logfile

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:47:46, on 19/10/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\HDD Regenerator\HDD Regenerator.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\HDD Regenerator\HDD Regenerator.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HDD Regenerator] C:\Program Files\HDD Regenerator\HDD Regenerator.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\Microsoft Office 2007\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Eigenaar\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    O8 - Extra context menu item: Verzenden naar &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: &Virtueel toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office 2007\Office12\REFIEBAR.DLL
    O9 - Extra button: URL Adviseur - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206368452921
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c987be2657cb96) (gupdate1c987be2657cb96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe


    End of file - 10827 bytes
  • I think it worked.
    The Control Panel can be opened again, and that stupid message no longer appears :D

This is an archived page. Replying is no longer possible.